Authentication Issue in VICIDIAL Dialer Product by VICIDIAL
CVE-2013-7382

Currently unrated

Key Information:

Vendor

Vicidial

Status
Vicidial
Vendor
CVE Published:
17 May 2014

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2013-7382?

The VICIDIAL dialer, also known as the Asterisk GUI client, contains a critical flaw due to a hardcoded password for VDAD and VDCL users. This vulnerability facilitates unauthorized remote access, allowing attackers to gain control over the system without proper authentication. The hardcoded password, 'donotedit', poses an increased risk for organizations relying on this software, making it essential to address this issue immediately to safeguard sensitive data and maintain system security.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-7382 - Proof of Concept

References

https://adamcaudill.com/2013/10/23/vicidial-multiple-vuln...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/10/23/10
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2013/10/25/1
mailing-listx_refsource_MLIST

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

.