CVE-2008-3777

CWE-200 — Information Exposure3 documents3 sources

Severity

2.1LOW

EPSS

0.1%

top 80.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avaya Communication Manager Avaya SIP Enablement Services

Timeline

PublishedAug 25

Latest updateMay 2

Description

The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDavaya/sip_enablement_services5.0

▶NVDavaya/communication_manager5.0

🔴Vulnerability Details

GHSA

GHSA-66pf-7874-v654: The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5↗2022-05-02

▶

CVEList

CVE-2008-3777: The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5↗2008-08-25

▶