Sign-up

ID

VAR-201108-0204


CVE

CVE-2011-3008


TITLE

Avaya Secure Access Link (SAL) Gateway information disclosure vulnerability

Trust: 0.8

sources: CERT/CC: VU#690315

DESCRIPTION

The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information. Avaya Provided by Secure Access Link (SAL) Gateway Contains an information disclosure vulnerability. Avaya Provided by Secure Access Link (SAL) Gateway Has a problem with the default settings during installation. Avaya Has released the following vulnerability information. These servers resolve to invalid domains and pose a security threat. Secondary Core Server URL should be same as the primary Core Server URL and Secondary Remote Server URL should be same as the primary Remote Server URL."Information such as logs is not intended E-mail May be sent to the address. No need to surrender free access, this service allows you to initiate a communication connection from your own network and choose the best provider for your business. To exploit this vulnerability, an attacker would need a malicious email server with the 'secavaya.com' and 'secaxeda.com' domain names to get warnings and log information. Exploiting this issue may allow an attacker to access sensitive information that may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2011-3008 // CERT/CC: VU#690315 // JVNDB: JVNDB-2011-002112 // CNVD: CNVD-2011-2935 // BID: 48942 // VULHUB: VHN-50953

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2011-2935

AFFECTED PRODUCTS

vendor:avayamodel:secure access linkscope:eqversion:2.0

Trust: 1.7

vendor:avayamodel:secure access linkscope:eqversion:1.8

Trust: 1.7

vendor:avayamodel:secure access linkscope:eqversion:1.5

Trust: 1.7

vendor:avayamodel:secure access link gatewayscope:eqversion:2.0

Trust: 1.6

vendor:avayamodel:secure access link gatewayscope:eqversion:1.8

Trust: 1.6

vendor:avayamodel:secure access link gatewayscope:eqversion:1.5

Trust: 1.6

vendor:avayamodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#690315 // CNVD: CNVD-2011-2935 // BID: 48942 // JVNDB: JVNDB-2011-002112 // CNNVD: CNNVD-201108-108 // NVD: CVE-2011-3008

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3008
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#690315
value: 0.91

Trust: 0.8

NVD: CVE-2011-3008
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201108-108
value: MEDIUM

Trust: 0.6

VULHUB: VHN-50953
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-3008
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-50953
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#690315 // VULHUB: VHN-50953 // JVNDB: JVNDB-2011-002112 // CNNVD: CNNVD-201108-108 // NVD: CVE-2011-3008

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.9

sources: VULHUB: VHN-50953 // JVNDB: JVNDB-2011-002112 // NVD: CVE-2011-3008

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201108-016 // CNNVD: CNNVD-201108-108

TYPE

Configuration Error

Trust: 0.9

sources: BID: 48942 // CNNVD: CNNVD-201108-108

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-002112

PATCH
title:Product Support Notice PSN003314uurl:http://support.avaya.com/css/P8/documents/100140483
Trust: 0.8
title:Patch for Avaya Secure Access Link (SAL) Gateway Illegal Domain Server Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/4585
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2011-2935 // 
            
            
            
            JVNDB: JVNDB-2011-002112

EXTERNAL IDS
db:CERT/CCid:VU#690315
Trust: 4.2
db:BIDid:48942
Trust: 4.0
db:NVDid:CVE-2011-3008
Trust: 2.5
db:XFid:68922
Trust: 1.4
db:JVNDBid:JVNDB-2011-002112
Trust: 0.8
db:CNNVDid:CNNVD-201108-108
Trust: 0.7
db:CNVDid:CNVD-2011-2935
Trust: 0.6
db:CNNVDid:CNNVD-201108-016
Trust: 0.6
db:VULHUBid:VHN-50953
Trust: 0.1
sources:
            
            
            CERT/CC: VU#690315 // 
            
            
            
            CNVD: CNVD-2011-2935 // 
            
            
            
            VULHUB: VHN-50953 // 
            
            
            
            BID: 48942 // 
            
            
            
            JVNDB: JVNDB-2011-002112 // 
            
            
            
            CNNVD: CNNVD-201108-016 // 
            
            
            
            CNNVD: CNNVD-201108-108 // 
            
            
            
            NVD: CVE-2011-3008

REFERENCES
url:http://www.kb.cert.org/vuls/id/690315
Trust: 3.4
url:http://www.securityfocus.com/bid/48942
Trust: 3.1
url:http://support.avaya.com/css/p8/documents/100140483
Trust: 2.8
url:http://xforce.iss.net/xforce/xfdb/68922
Trust: 1.4
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/68922
Trust: 1.1
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3008
Trust: 0.8
url:http://jvn.jp/cert/jvnvu690315
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3008
Trust: 0.8
url:http://www.avaya.com
Trust: 0.3
url:http://www.avaya.com/usa/service/secure-access-link
Trust: 0.3
sources:
            
            
            CERT/CC: VU#690315 // 
            
            
            
            CNVD: CNVD-2011-2935 // 
            
            
            
            VULHUB: VHN-50953 // 
            
            
            
            BID: 48942 // 
            
            
            
            JVNDB: JVNDB-2011-002112 // 
            
            
            
            CNNVD: CNNVD-201108-016 // 
            
            
            
            CNNVD: CNNVD-201108-108 // 
            
            
            
            NVD: CVE-2011-3008

CREDITS
Anonymous.
Trust: 0.9
sources:
            
            
            BID: 48942 // 
            
            
            
            CNNVD: CNNVD-201108-016

SOURCES
db:CERT/CCid:VU#690315
db:CNVDid:CNVD-2011-2935
db:VULHUBid:VHN-50953
db:BIDid:48942
db:JVNDBid:JVNDB-2011-002112
db:CNNVDid:CNNVD-201108-016
db:CNNVDid:CNNVD-201108-108
db:NVDid:CVE-2011-3008

LAST UPDATE DATE
2024-08-14T15:03:54.302000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#690315date:2011-07-29T00:00:00
db:CNVDid:CNVD-2011-2935date:2011-08-01T00:00:00
db:VULHUBid:VHN-50953date:2017-08-29T00:00:00
db:BIDid:48942date:2011-07-29T00:00:00
db:JVNDBid:JVNDB-2011-002112date:2011-08-18T00:00:00
db:CNNVDid:CNNVD-201108-016date:2011-08-02T00:00:00
db:CNNVDid:CNNVD-201108-108date:2011-08-09T00:00:00
db:NVDid:CVE-2011-3008date:2017-08-29T01:29:53.897

SOURCES RELEASE DATE
db:CERT/CCid:VU#690315date:2011-07-29T00:00:00
db:CNVDid:CNVD-2011-2935date:2011-08-01T00:00:00
db:VULHUBid:VHN-50953date:2011-08-05T00:00:00
db:BIDid:48942date:2011-07-29T00:00:00
db:JVNDBid:JVNDB-2011-002112date:2011-08-18T00:00:00
db:CNNVDid:CNNVD-201108-016date:1900-01-01T00:00:00
db:CNNVDid:CNNVD-201108-108date:2011-08-08T00:00:00
db:NVDid:CVE-2011-3008date:2011-08-05T21:55:09.280