An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.
CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:CEnghouseinteractive Ivr Pro
APPEnghouseinteractive9.0.3Openvz Vzkernel
OSOpenvzwszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2014-3519MEDIUM6.5ten sam produkt
The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel...
CVE-2013-2239MEDIUM4.7ten sam produkt
vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certai...
CVE-2015-6927LOW3.6ten sam vendor
vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescri...