PT-2011-4246 · Avaya · Avaya Secure Access Link (Sal) Gateway
Published
2011-08-05
·
Updated
2017-08-29
·
CVE-2011-3008
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Avaya Secure Access Link (SAL) Gateway versions 1.5, 1.8, and 2.0
Description
The default configuration of the Avaya Secure Access Link (SAL) Gateway contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields. This allows remote attackers to obtain sensitive information, such as alarm and log information, by leveraging administrative access to these domain names.
Recommendations
For Avaya Secure Access Link (SAL) Gateway version 1.5, update the Secondary Core Server URL and Secondary Remote Server URL fields to remove sensitive domain names.
For Avaya Secure Access Link (SAL) Gateway version 1.8, update the Secondary Core Server URL and Secondary Remote Server URL fields to remove sensitive domain names.
For Avaya Secure Access Link (SAL) Gateway version 2.0, update the Secondary Core Server URL and Secondary Remote Server URL fields to remove sensitive domain names.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Avaya Secure Access Link (Sal) Gateway