CVE-2013-7382 - Credentials Management vulnerability in Vicidial 2.7/2.8
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | VICIdial Manager Send OS Command Injection. CVE-2013-4467,CVE-2013-7382. Remote exploit for linux platform |
file | exploits/linux/remote/29513.rb |
id | EDB-ID:29513 |
last seen | 2016-02-03 |
modified | 2013-11-08 |
platform | linux |
port | 80 |
published | 2013-11-08 |
reporter | metasploit |
source | https://www.exploit-db.com/download/29513/ |
title | VICIdial Manager Send OS Command Injection |
type | remote |