PT-2014-3209 · Enghouse Interactive · Enghouse Interactive IVR Pro
Published: 2014-01-28 · Updated: 2014-01-31 · CVE-2013-6838
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Enghouse Interactive IVR Pro (VIP2000) version 9.0.3
Description
The issue concerns an unspecified "addon product" in Enghouse Interactive IVR Pro, where the same SSH private key is used across different customers' installations when OpenVZ and fallback customization are utilized. This allows remote attackers to gain privileges by leveraging knowledge of this key.
Recommendations
For Enghouse Interactive IVR Pro (VIP2000) version 9.0.3, consider regenerating and using unique SSH private keys for each customer's installation to prevent unauthorized access. As a temporary workaround, restrict access to the SSH service until a more permanent solution can be implemented.
Affected Products
Enghouse Interactive IVR Pro
OpenVZ