Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7382

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-7382
Last Modified 19 May 2014 11:46:23
Published 17 May 2014 03:55:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-7382

Summary

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.

Vulnerable Systems

Application

  • Vicidial 2.7

  • Vicidial 2.8


References

MISC - https://adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/

MLIST - [oss-security] 20131024 Re: VICIDIAL 2.7 - SQL Injection, Command Injection

MLIST - [oss-security] 20131023 VICIDIAL 2.7 - SQL Injection, Command Injection

EXPLOIT-DB - 29513


Last Updated: 27 May 2016 11:05:18