CVE-2011-3008

EUVD-2011-2976
The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
avayasecure_access_link_gateway
1.5
avayasecure_access_link_gateway
1.8
avayasecure_access_link_gateway
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.avaya.com/css/P8/documents/100140483
http://www.kb.cert.org/vuls/id/690315
http://www.securityfocus.com/bid/48942
https://exchange.xforce.ibmcloud.com/vulnerabilities/68922
http://support.avaya.com/css/P8/documents/100140483
http://www.kb.cert.org/vuls/id/690315
http://www.securityfocus.com/bid/48942
https://exchange.xforce.ibmcloud.com/vulnerabilities/68922