CVE-2013-6838 : An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.

Published 2014-01-28 00:55:04

Updated 2014-01-31 06:07:27

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-6838

Probability of exploitation activity in the next 30 days: 0.40%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-6838

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-6838

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6838

http://seclists.org/fulldisclosure/2014/Jan/103

Full Disclosure: [CVE-2013-6838] Enghouse Interactive IVR Pro (VIP2000) remote root authentication bypass Vulnerability
https://xpd.se/advisories/XPD-2013-001.txt

Products affected by CVE-2013-6838

Enghouseinteractive » Ivr Pro » Version: 9.0.3
cpe:2.3:a:enghouseinteractive:ivr_pro:9.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Openvz » Vzkernel » Version: N/A

Vulnerability Details : CVE-2013-6838

Exploit prediction scoring system (EPSS) score for CVE-2013-6838

CVSS scores for CVE-2013-6838

CWE ids for CVE-2013-6838

References for CVE-2013-6838

Products affected by CVE-2013-6838