CVE-2008-3777

The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.

Published: Aug 25, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3777
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
avaya / sip_enablement_services	5.0	5.0.x
avaya / communication_manager	5.0	5.0.x

http://support.avaya.com/elmodocs2/security/ASA-2008-347.htm
http://www.securityfocus.com/bid/30758
https://exchange.xforce.ibmcloud.com/vulnerabilities/44586

Vulnerability Database

289,689

CVE-2008-3777