Information Disclosure Vulnerability in Avaya Communication Manager and SIP Enablement Services
CVE-2008-3777

Currently unrated

Key Information:

Vendor: Avaya
Status: Sip Enablement Services
Vendor: CVE Published:; 25 August 2008

Summary

The SIP Enablement Services (SES) Server in Avaya's Communication Manager and SIP Enablement Services 5.0 versions exposes sensitive information by logging account names and passwords during failed login attempts. This behavior allows local users to potentially retrieve login credentials through access to system logs. To mitigate this risk, it is essential to implement appropriate access controls and restrict log access to authorized personnel.

References

http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm

x_refsource_CONFIRM

http://www.securityfocus.com/bid/30758

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/44586

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 25, 2008
Vulnerability Reserved
Aug 25, 2008