CVE-2011-3008

Published: Aug 5, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information.

Affected (3)

Products: Avaya: Secure Access Link Gateway

1 product

Secure Access Link Gateway

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Avaya Secure Access Link Gateway	Version 1.5
Avaya Secure Access Link Gateway	Version 1.8
Avaya Secure Access Link Gateway	Version 2.0

Related CWEs

References (8)

http://support.avaya.com/css/P8/documents/100140483

Source: cve@mitre.org

Vendor Advisory

http://www.kb.cert.org/vuls/id/690315

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/bid/48942

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/68922

Source: cve@mitre.org

http://support.avaya.com/css/P8/documents/100140483

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.kb.cert.org/vuls/id/690315

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/48942

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/68922

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.