Lucene search

VulDBCVELIST:CVE-2013-10004

HistoryMay 24, 2022 - 3:30 p.m.

CVE-2013-10004 Telecommunication Software SAMwin Contact Center Suite Password SAMwinLIBVB.dll passwordScramble improper authentication

2022-05-2415:30:31

CWE-287

VulDB

www.cve.org

telecommunication software

samwin contact center suite

passwordscramble

vulnerability

samwinlibvb.dll

improper authentication

hashing function

predictable authentication

upgrading.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

61.7%

JSON

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.

CNA Affected

[
  {
    "product": "SAMwin Contact Center Suite",
    "vendor": "Telecommunication Software",
    "versions": [
      {
        "status": "affected",
        "version": "5.1"
      }
    ]
  }
]

References

www.modzero.ch/advisories/MZ-13-07_SAMwin_Collisions.txt

vuldb.com/?id.12790

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

61.7%

JSON

Related for CVELIST:CVE-2013-10004