CVE-2011-3008
Last modified
CVE-2011-3008 is a vulnerability of currently unknown severity. The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.. EPSS estimates a 1.54% chance of exploitation in the next 30 days.
Description
The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Secure Access Link Gateway | 1.5 |
| Avaya | Secure Access Link Gateway | 1.8 |
| Avaya | Secure Access Link Gateway | 2.0 |
References
- http://support.avaya.com/css/P8/documents/100140483Vendor Advisory
- http://www.kb.cert.org/vuls/id/690315US Government Resource
- http://support.avaya.com/css/P8/documents/100140483Vendor Advisory
- http://www.kb.cert.org/vuls/id/690315US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-3008?
How severe is CVE-2011-3008?
How do I fix CVE-2011-3008?
Are you affected by CVE-2011-3008?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST