CVE-2008-3777

Published: Aug 25, 2008Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.

Affected (2)

Products: Avaya: Sip Enablement Services, Communication Manager

2 products

Sip Enablement Services

Communication Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avaya Sip Enablement Services	Version 5.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Avaya Communication Manager	Version 5.0

Running on/with	Platform Versions
Avaya S8300c Server	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm

Source: cve@mitre.org

http://www.securityfocus.com/bid/30758

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44586

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30758

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44586

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.