CVE-2013-6838 : An unspecified Enghouse Interactive Professional Services "addon product" in Eng

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.

Published 2014-01-28 00:55:04

Updated 2025-04-11 00:51:22

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2013-6838

Enghouseinteractive » Ivr Pro » Version: 9.0.3
cpe:2.3:a:enghouseinteractive:ivr_pro:9.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Openvz » Vzkernel » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2013-6838

EPSS FAQ

1.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-6838

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-6838

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6838

http://seclists.org/fulldisclosure/2014/Jan/103

Full Disclosure: [CVE-2013-6838] Enghouse Interactive IVR Pro (VIP2000) remote root authentication bypass Vulnerability
https://xpd.se/advisories/XPD-2013-001.txt

Jump to

Vulnerability Details : CVE-2013-6838

Products affected by CVE-2013-6838

Exploit prediction scoring system (EPSS) score for CVE-2013-6838

CVSS scores for CVE-2013-6838

CWE ids for CVE-2013-6838

References for CVE-2013-6838