Executive Summary
Summary | |
---|---|
Title | Avaya Secure Access Link (SAL) Gateway information disclosure vulnerability |
Information | |||
---|---|---|---|
Name | VU#690315 | First vendor Publication | 2011-07-29 |
Vendor | VU-CERT | Last vendor Modification | 2011-07-29 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Vulnerability Note VU#690315
Avaya Secure Access Link (SAL) Gateway information disclosure vulnerability

Overview
Avaya Secure Access Link (SAL) gateway releases 1.5, 1.8, and 2.0 have an information disclosure vulnerability in the default install.

I. Description
According to Avaya's Product Support Notice PSN003314u [PDF]:

"On installation of SAL Gateway with the default properties provided along with the installer, the Secondary Core Server URL and the Remote Server URL points to the secavaya.com and secaxeda.com respectively which are invalid public domain servers and not owned by Avaya. These servers resolve to invalid domains and pose a security threat. Secondary Core Server URL should be same as the primary Core Server URL and Secondary Remote Server URL should be same as the primary Remote Server URL."
Vendor Information
References
http://support.avaya.com/css/P8/documents/100140483

Thank you to the reporter who wishes to remain anonymous. This document was written by Jared Allar.
Original Source
Url : http://www.kb.cert.org/vuls/id/690315 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-16 | Configuration |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75202 | Avaya Secure Access Link (SAL) Gateway Secondary Server URL Field Remote Info... |