Reporter Peter Norin
-----BEGIN PGP SIGNED MESSAGE-----
XPD - XPD Advisory
Enghouse Interactive IVR Pro (VIP2000) remote root
authentication bypass Vulnerability
Advisory ID: XPD-2013-001
CVE reference: CVE-2013-6838
Affected platforms: IVR Pro/Contact Center (VIP2000) platforms
with OpenVZ and fallback customization applied
Version: 9.0.3 (rel903)
Security risk: High
Vulnerability: IVR Pro (VIP2000) remote root authentication bypass
Researcher: Fredrik Soderblom and Peter Norin
Vendor Status: Notified / Patch available
Vulnerability Disclosure Policy:
Vulnerable IVR Pro installations allow unauthenticated users to
bypass authentication and login as the 'root' user on the device.
The SSH private key corresponding to the following public key is
public and present on all vulnerable appliances:
Furthermore the SSH private key is not protected with a passphrase.
Its fingerprint is:
If successful, a malicious third party can get full control of the
device with little to no effort. The attacker might then reposition and
launch an attack against other parts of the target infrastructure.
According to Enghouse Interactive the problem is located in an addon
product delivered by Enghouse Interactive Professional Services. The
addon utilizes OpenVZ to achieve high availability for the IVR Pro
IVR Pro/Contact Center (VIP2000) version 9.0.3 (rel903) with OpenVZ
and fallback tested.
The vendor reports that the following versions are patched:
Same release (9.0.3), with latest release of OpenVZ fallback
customization, is fixed
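
To confirm that an appliance no longer trusts the published key, its authorized_keys files can be checked against the advisory's fingerprint. The following is an added example, not part of the advisory or the vendor's patch; the function names, the sample file and the KNOWN_BAD value are constructed placeholders, and the real fingerprint must be taken from the advisory itself.

```python
import base64
import hashlib
import struct

def parse_key_blob(line):
    """Return the decoded key blob from one authorized_keys line, or None."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if not field.startswith(("ssh-", "ecdsa-", "sk-")):
            continue  # options such as from="..." may precede the key type
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        # A genuine blob starts with its own length-prefixed key type.
        if blob.startswith(struct.pack(">I", len(field)) + field.encode()):
            return blob
    return None

def fingerprints(blob):
    """Return the (MD5 colon-hex, SHA256 base64) fingerprints of a key blob."""
    md5 = hashlib.md5(blob).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha

def audit(text, known_bad):
    """Return the 1-based line numbers whose key matches a known-bad fingerprint."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        blob = parse_key_blob(line)
        if blob and set(fingerprints(blob)) & known_bad:
            hits.append(lineno)
    return hits

def make_blob(seed):
    """Constructed stand-in for a key blob (not a real key)."""
    body = hashlib.sha256(seed).digest()
    return struct.pack(">I", 7) + b"ssh-rsa" + struct.pack(">I", len(body)) + body

BAD, OK = make_blob(b"constructed-vendor-key"), make_blob(b"constructed-admin-key")
KNOWN_BAD = {fingerprints(BAD)[0]}  # placeholder: use the advisory's fingerprint
SAMPLE = "\n".join([                # constructed authorized_keys content
    "# constructed sample",
    "ssh-rsa %s admin@example" % base64.b64encode(OK).decode(),
    'from="10.0.0.0/8" ssh-rsa %s fallback' % base64.b64encode(BAD).decode(),
])

if __name__ == "__main__":
    print(audit(SAMPLE, KNOWN_BAD))
```

Run audit() over every account's authorized_keys on the host and inside each OpenVZ container; any reported line should be removed.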
This vulnerability was discovered and researched by Fredrik Soderblom
and Peter Norin from XPD AB.
18-11-13 Initial Discovery
22-11-13 Initial attempt to contact the vendor
23-11-13 Reply from Radek Zalewski, case is assigned to internal resource
26-11-13 Draft of the advisory sent to the vendor
27-11-13 CVE-2013-6838 is assigned
27-11-13 Enghouse Interactive notifies us that patches are ready
15-01-14 Public disclosure
XPD AB is a privately held company with Headquarters in Stockholm, Sweden.
Established in 2002, XPD AB is an independent security consulting and
research firm, with a focus on security and perimeter security solutions.
Disclaimer and Copyright
Copyright (c) 2013-2014 XPD AB. All rights reserved.
This advisory may be distributed as long as its distribution is
free-of-charge and proper credit is given.
The information provided in this advisory is provided "as is" without
warranty of any kind. XPD AB disclaims all warranties, either
express or implied, including the warranties of merchantability and
fitness for a particular purpose. In no event shall XPD AB or
its suppliers be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or
special damages, even if XPD AB or its suppliers have been advised
of the possibility of such damages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----