CVE-2011-3008

Name of the Vulnerable Software and Affected Versions Avaya Secure Access Link (SAL) Gateway versions 1.5, 1.8, and 2.0

Description The default configuration of the Avaya Secure Access Link (SAL) Gateway contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields. This allows remote attackers to obtain sensitive information, such as alarm and log information, by leveraging administrative access to these domain names.

Recommendations For Avaya Secure Access Link (SAL) Gateway version 1.5, update the Secondary Core Server URL and Secondary Remote Server URL fields to remove sensitive domain names. For Avaya Secure Access Link (SAL) Gateway version 1.8, update the Secondary Core Server URL and Secondary Remote Server URL fields to remove sensitive domain names. For Avaya Secure Access Link (SAL) Gateway version 2.0, update the Secondary Core Server URL and Secondary Remote Server URL fields to remove sensitive domain names.