Vulnerability Details : CVE-2013-6838
An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.
Exploit prediction scoring system (EPSS) score for CVE-2013-6838
Probability of exploitation activity in the next 30 days: 0.40%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6838
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2013-6838
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6838
-
http://seclists.org/fulldisclosure/2014/Jan/103
Full Disclosure: [CVE-2013-6838] Enghouse Interactive IVR Pro (VIP2000) remote root authentication bypass Vulnerability
-
https://xpd.se/advisories/XPD-2013-001.txt
Products affected by CVE-2013-6838
- cpe:2.3:a:enghouseinteractive:ivr_pro:9.0.3:*:*:*:*:*:*:*