HIGH🇬🇧 English

CVE-2013-6838

CVSS 10.0v2.0pub. 2014-01-28upd. 2026-04-29

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.

oryginał EN
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Enghouseinteractive Ivr Pro

    APP
    Enghouseinteractive
    9.0.3
  • Openvz Vzkernel

    OS
    Openvz
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2014-3519MEDIUM6.5ten sam produkt

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel...

CVE-2013-2239MEDIUM4.7ten sam produkt

vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certai...

CVE-2015-6927LOW3.6ten sam vendor

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescri...