Vulnerability Description
The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Sip Enablement Services | 5.0 |
| Avaya | S8300C Server | All versions |
| Avaya | Communication Manager | 5.0 |
Related Weaknesses (CWE)
References
- http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm
- http://www.securityfocus.com/bid/30758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44586
- http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm
- http://www.securityfocus.com/bid/30758
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44586
FAQ
What is CVE-2008-3777?
CVE-2008-3777 is a vulnerability with a CVSS score of 2.1 (LOW). The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm an...
How severe is CVE-2008-3777?
CVE-2008-3777 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3777?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Sip Enablement Services, Avaya S8300C Server, Avaya Communication Manager.