Riverbed Security Advisory for CVE-2017-5670, CVE-2017-7305, CVE-2017-7306, and CVE-2017-7307

Solution Number: S30065
Last Modified: 2017-04-21

Issue

CVE-2017-5670, CVE-2017-7305, CVE-2017-7306, and CVE-2017-7307 have been posted for the Secure Vault feature by an independent third party. The Secure Vault is an AES 256-bit encrypted area of disk used on several Riverbed products to hold sensitive information from the device's configuration. This can include, for example, SSL private keys for use with SSL optimization, the RiOS data store encryption key, and replication or delegate user configuration details.

The third party was able to modify the system by obtaining physical access to the appliance and rebooting it into single-user mode. They were also able to use other aspects of the default configuration settings to exploit the system and extract information from the vault. This knowledge base article addresses each of the four CVEs disclosed as a result of the third party's findings.

CVE-2017-5670 Issue

The Riverbed products and versions listed below delete the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks.

SteelHead products

Product                                      | Affected Versions    | Comments
SteelCentral Controller for SteelHead        | All current versions | See Solution section below for mitigation
SteelCentral Controller for SteelHead Mobile | All current versions | See Solution section below for mitigation
SteelHead CX (appliance, virtual, cloud)     | All current versions | See Solution section below for mitigation
SteelHead Interceptor                        | All current versions | See Solution section below for mitigation

SteelFusion products

Product                                      | Affected Versions    | Comments
SteelFusion Core (appliance, virtual)        | All current versions | See Solution section below for mitigation
SteelFusion Edge                             | All current versions | See Solution section below for mitigation
SteelHead EX                                 | All current versions | See Solution section below for mitigation

CVE-2017-7305 Issue

The Riverbed products listed below do not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot.

NOTE: Riverbed believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for a bootloader password; however, this password is optional to meet different customers' needs.

SteelHead products

Product                                      | Comments
SteelCentral Controller for SteelHead        | Not vulnerable when optional bootloader password configured; see Solution section below for mitigation.
SteelCentral Controller for SteelHead Mobile | Not vulnerable when optional bootloader password configured; see Solution section below for mitigation.
SteelHead CX (appliance, virtual, cloud)     | Not vulnerable when optional bootloader password configured; see Solution section below for mitigation.
SteelHead Interceptor                        | Not vulnerable when optional bootloader password configured; see Solution section below for mitigation.

SteelFusion products

Product                                      | Comments
SteelFusion Core (appliance, virtual)        | Not vulnerable when optional bootloader password configured; see Solution section below for mitigation.
SteelFusion Edge                             | Not vulnerable when optional bootloader password configured; see Solution section below for mitigation.
SteelHead EX                                 | Not vulnerable when optional bootloader password configured; see Solution section below for mitigation.

CVE-2017-7306 Issue

The Riverbed products listed below have a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number.

NOTE: Riverbed believes that this does not meet the definition of a vulnerability. The product contains correct computational logic for supporting arbitrary password changes by customers; however, a password change is optional to meet different customers' needs.

SteelHead products

Product                                      | Comments
SteelCentral Controller for SteelHead        | Not vulnerable when non-default secure vault password configured; see Solution section below for mitigation.
SteelCentral Controller for SteelHead Mobile | Not vulnerable when non-default secure vault password configured; see Solution section below for mitigation.
SteelHead CX (appliance, virtual, cloud)     | Not vulnerable when non-default secure vault password configured; see Solution section below for mitigation.
SteelHead Interceptor                        | Not vulnerable when non-default secure vault password configured; see Solution section below for mitigation.

SteelFusion products

Product                                      | Comments
SteelFusion Core (appliance, virtual)        | Not vulnerable when non-default secure vault password configured; see Solution section below for mitigation.
SteelFusion Edge                             | Not vulnerable when non-default secure vault password configured; see Solution section below for mitigation.
SteelHead EX                                 | Not vulnerable when non-default secure vault password configured; see Solution section below for mitigation.

CVE-2017-7307 Issue

The Riverbed products and versions listed below do not properly restrict shell access in single-user mode, which makes it easier for physically proximate attackers to obtain root privileges and access decrypted data by replacing the /opt/tms/bin/cli file.

SteelHead products

Product                                      | Affected Versions
SteelCentral Controller for SteelHead        | 8.6.1 and earlier
SteelCentral Controller for SteelHead Mobile | 4.7.0 and earlier
SteelHead CX (appliance, virtual, cloud)     | 9.0.0 and earlier
SteelHead Interceptor                        | 5.0.0 and earlier

SteelFusion products

Product                                      | Affected Versions
SteelFusion Core (appliance, virtual)        | 4.3.5 and earlier
SteelFusion Edge                             | 4.3.5 and earlier
SteelHead EX                                 | 4.3.5 and earlier

Solution

Deploying your device following the best practices outlined below, and in our documentation, will ensure proper protection of the Secure Vault contents.
The Securing SteelHeads section of the Deployment Guide provides additional information; the reference is to the 9.5 documentation, the most current at the time of publication. This information applies to all vulnerable products described in this KB.

CVE-2017-5670 Solution

Restrict Physical Access
Treat the Riverbed device in the same manner as other infrastructure devices handling sensitive data. Restrict physical access to only authorized users. An attacker with physical access to a device can gain control of it through single-user mode, including by using the lost-password recovery procedures. Even without breaking into the software, it is possible to gain access to the contents of disks by gaining access to the device itself. You should treat the device as comparable in value to the servers or clients that hold sensitive data.

Decommissioning
Take proper steps when decommissioning your device, including the erasing of the Secure Vault and hard disk data in the steps outlined here: S13237


CVE-2017-7305 Solution

If you are unable to restrict physical access or would like to further strengthen the protection around the encrypted data in the Secure Vault, Riverbed recommends implementing the following best practices; additional information is available in Riverbed documentation.

Use a Boot Loader Password
Setting a boot loader password prevents anyone with physical access to the device from modifying the boot sequence, including loading single-user mode for password recovery. 
To configure a boot loader password:

Steelhead (config) # boot bootloader password <password>
Steelhead (config) # write memory
Steelhead (config) # reload

Use a BIOS Password
Enable a BIOS password for pre-boot protection against unauthorized system booting, and loading single-user mode for password recovery.
To configure a password:

  • Connect a null modem cable to a SteelHead.
  • Open up a terminal on your host to the SteelHead.
  • Power up the SteelHead.
  • Press F4 to enter BIOS.
  • Navigate to the Security tab.
  • Specify a supervisor password.
  • Make sure that the user password option is set to OFF.
  • Save your configuration and continue to boot the SteelHead.

CVE-2017-7306 Solution

Restrict Physical Access
Treat the Riverbed device in the same manner as other infrastructure devices handling sensitive data. Restrict physical access to only authorized users. An attacker with physical access to a device can gain control of it through single-user mode, including by using the lost-password recovery procedures. Even without breaking into the software, it is possible to gain access to the contents of disks by gaining access to the device itself. You should treat the device as comparable in value to the servers or clients that hold sensitive data.

Decommissioning
Take proper steps when decommissioning your device, including the erasing of the Secure Vault and hard disk data in the steps outlined here: S13237

If you are unable to restrict physical access or would like to further strengthen the protection around the encrypted data in the Secure Vault, Riverbed recommends implementing the following best practices; additional information is available in Riverbed documentation.

Change the Secure Vault Password
The key used for encrypting the Secure Vault data can be changed to a value only known by the device administrator.  This ensures the Secure Vault is only unlocked when an authorized user has access to the device.  To change the Secure Vault password:
Steelhead (config) # secure-vault new-password <password>
Steelhead (config) # write memory

Note:
Changing the key requires it to be entered by the user on every start-up of the device.  Functionality dependent on the Secure Vault cannot operate until it is unlocked.  Unlocking the secure vault:
Steelhead (config) # secure-vault unlock <password>

Devices that are managed by the SteelCentral Controller for SteelHead (SCC) can have their Secure Vault automatically unlocked upon connection to the SCC after reboot. This allows a key not known to RiOS to be used while also still allowing automatic unlock at boot.
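
Why changing the Secure Vault password matters, as an added illustration that is not Riverbed's code: a key derived from a value printed on the chassis can be recomputed by anyone who reads the label and knows the derivation, while a key derived from an administrator-chosen secret with a random salt cannot. The derivation below (scrypt over a secret and salt), the serial-number placeholder, the fixed factory salt and the toy vault with an HMAC commitment are all assumptions made for the example; none of them is Riverbed's actual password algorithm.

```python
"""Illustration of why a vault key derived from a public identifier is weak.
Constructed example: the derivation, the serial-number placeholder and the
vault structure are assumptions for illustration, NOT Riverbed's algorithm."""
import hashlib
import hmac
import math
import secrets

# Memory-hard KDF parameters (scrypt from the standard library).
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1, "dklen": 32}

# Placeholder serial number (constructed). In the scenario it is printed on a
# chassis label, so it is public to anyone with physical access.
PLACEHOLDER_SERIAL = b"SN-PLACEHOLDER-00000001"
# Assumption: a factory-default derivation must be reproducible on every boot
# without operator input, so it can only use a fixed, non-secret salt.
FIXED_SALT = b"factory-default-salt"


def derive_vault_key(secret: bytes, salt: bytes) -> bytes:
    """Derive a 256-bit vault key from a secret and a salt."""
    return hashlib.scrypt(secret, salt=salt, **SCRYPT_PARAMS)


def key_commitment(key: bytes) -> bytes:
    """Value stored beside the vault so an unlock attempt can be verified."""
    return hmac.new(key, b"vault-unlock-check", hashlib.sha256).digest()


class ToyVault:
    """Minimal model of a vault that stays locked until the right secret is given."""

    def __init__(self, secret: bytes, salt: bytes) -> None:
        self.salt = salt
        self.commitment = key_commitment(derive_vault_key(secret, salt))
        self.unlocked = False

    def unlock(self, candidate: bytes) -> bool:
        key = derive_vault_key(candidate, self.salt)
        self.unlocked = hmac.compare_digest(key_commitment(key), self.commitment)
        return self.unlocked


def search_space_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on the entropy of a secret of `length` symbols from an alphabet."""
    return length * math.log2(alphabet_size)


def demo() -> dict:
    results = {}
    # Default configuration: the secret is the (public) serial number, so anyone
    # who reads the label and knows the derivation recreates the key.
    default_vault = ToyVault(PLACEHOLDER_SERIAL, FIXED_SALT)
    results["default_unlocked_with_serial"] = default_vault.unlock(PLACEHOLDER_SERIAL)

    # Changed configuration (secure-vault new-password): admin-chosen secret and
    # a random salt. Knowing the serial number no longer helps.
    admin_secret = b"correct horse battery staple"  # constructed passphrase
    changed_vault = ToyVault(admin_secret, secrets.token_bytes(16))
    results["changed_unlocked_with_serial"] = changed_vault.unlock(PLACEHOLDER_SERIAL)
    results["changed_unlocked_with_passphrase"] = changed_vault.unlock(admin_secret)

    # Rough size of the secret space: an 8-digit serial suffix versus a
    # 16-character alphanumeric passphrase (both constructed shapes).
    results["serial_bits"] = round(search_space_bits(10, 8), 1)
    results["passphrase_bits"] = round(search_space_bits(62, 16), 1)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The trade-off the advisory describes is visible in the model: the changed vault cannot be opened without the passphrase, which is exactly why it must be supplied at every start-up unless the SCC supplies it on the device's behalf.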


CVE-2017-7307 Solution

If you are unable to restrict physical access or would like to further strengthen the protection around the encrypted data in the Secure Vault, Riverbed recommends upgrading to a supported version of Riverbed RiOS which includes a challenge/response function to protect against this unauthorized access; additional information is available in Riverbed documentation.

More Information

Refer to the following KB for more information on Secure Vault: S22143.