CVE-2013-6838

critical

Published 2014-01-28 · Modified 2026-04-29

CVSS v3

—

CVSS v2

10.0

VIR risk

10.0

Description

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges by leveraging knowledge of this key.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
enghouseinteractive	ivr_pro	`9.0.3`

References

http://seclists.org/fulldisclosure/2014/Jan/103
https://xpd.se/advisories/XPD-2013-001.txt
http://seclists.org/fulldisclosure/2014/Jan/103
https://xpd.se/advisories/XPD-2013-001.txt

CWEs

CWE-310

Verify integrity in audit chain (admin only). AS-IS.