Lucene search

VulDBCVELIST:CVE-2013-10002

HistoryMay 24, 2022 - 3:30 p.m.

CVE-2013-10002 Telecommunication Software SAMwin Contact Center Suite Credential SAMwinLIBVB.dll getCurrentDBVersion hard-coded credentials

2022-05-2415:30:27

CWE-798

VulDB

www.cve.org

telecommunication software

samwin contact center suite

vulnerability

samwinlibvb.dll

credential handler

hard-coded credentials

upgrade

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

48.6%

JSON

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

CNA Affected

[
  {
    "product": "SAMwin Contact Center Suite",
    "vendor": "Telecommunication Software",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      }
    ]
  }
]

References

www.modzero.ch/advisories/MZ-13-06_SAMwin_Architectural_Issues.txt

vuldb.com/?id.12788

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

48.6%

JSON

Related for CVELIST:CVE-2013-10002