Vulnerabilities > CVE-2013-7382 - Credentials Management vulnerability in Vicidial 2.7/2.8

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

vicidial

CWE-255

exploit available

NVD

Published: 2014-05-17

Updated: 2014-05-19

Summary

VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to obtain access.

Vulnerable Configurations

Part	Description	Count
Application	Vicidial Vicidial Vicidial 2.7 Vicidial Vicidial 2.8	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

description	VICIdial Manager Send OS Command Injection. CVE-2013-4467,CVE-2013-7382. Remote exploit for linux platform
file	exploits/linux/remote/29513.rb
id	EDB-ID:29513
last seen	2016-02-03
modified	2013-11-08
platform	linux
port	80
published	2013-11-08
reporter	metasploit
source	https://www.exploit-db.com/download/29513/
title	VICIdial Manager Send OS Command Injection
type	remote

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

References