HIGH🇵🇱 Wersja polska

CVE-2013-6838

CVSS 10.0v2.0pub. 2014-01-28upd. 2026-04-29

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.

CVSS Vector
AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Enghouseinteractive Ivr Pro

    APP
    Enghouseinteractive
    9.0.3
  • Openvz Vzkernel

    OS
    Openvz
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2014-3519MEDIUM6.5ten sam produkt

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel...

CVE-2013-2239MEDIUM4.7ten sam produkt

vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certai...

CVE-2015-6927LOW3.6ten sam vendor

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescri...