{"vuid":"VU#690315","idnumber":"690315","name":"Avaya Secure Access Link (SAL) Gateway information disclosure vulnerability","keywords":["Avaya","VOIP","leak"],"overview":"Avaya Secure Access Link (SAL) gateway releases 1.5, 1.8, and 2.0 have an information disclosure vulnerability in the default install.","clean_desc":"According to Avaya's Product Support Notice PSN003314u [PDF]: \"On installation of SAL Gateway with the default properties provided along with the installer, the Secondary Core Server URL and the Remote Server URL points to the secavaya.com and secaxeda.com respectively which are invalid public domain servers and not owned by Avaya. These servers resolve to invalid domains and pose a security threat. Secondary Core Server URL should be same as the primary Core Server URL and Secondary Remote Server URL should be same as the primary Remote Server URL.\"","impact":"Information from the SAL gateway, such as alarms or logs, may be sent to secavaya.com and secaxeda.com email addresses.","resolution":"The Avaya Product Support Notice PSN003314u [PDF] states: \"To resolve this problem, please do the following steps: Login to the SAL Gateway UI with the user having either Security Administrator or Administrator role. Navigate to the Administration section of the SAL Gateway menu, click on Core Server. In the Secondary Core Server field, enter the host name same as the primary Core Server hostname for the secondary Secure Access Concentrator Core Server. In the Port field, enter the port number same as the primary Core Server port number for the secondary Secure Access Concentrator Core Server. Click on Apply. Navigate to the Administration section of the SAL Gateway menu, click Remote Server. In the Secondary Remote Server field, enter the hostname same as the primary Remote Server hostname for the secondary Secure Access Concentrator Remote Server. In the Port field, enter the port number same as the primary Remote Server port number for the secondary Secure Access Concentrator Remote Server. Click on Apply. Logout from the Gateway UI.\"","workarounds":"","sysaffected":"","thanks":"Thank you to the reporter who wishes to remain anonymous.","author":"This document was written by Jared Allar.","public":["h","t","t","p",":","/","/","s","u","p","p","o","r","t",".","a","v","a","y","a",".","c","o","m","/","c","s","s","/","P","8","/","d","o","c","u","m","e","n","t","s","/","1","0","0","1","4","0","4","8","3"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-07-26T15:01:42Z","publicdate":"2011-05-16T00:00:00Z","datefirstpublished":"2011-07-29T12:32:10Z","dateupdated":"2011-07-29T12:43:21Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"8","cam_exploitation":"5","cam_internetinfrastructure":"5","cam_population":"7","cam_impact":"8","cam_easeofexploitation":"6","cam_attackeraccessrequired":"8","cam_scorecurrent":"0.9072","cam_scorecurrentwidelyknown":"1.512","cam_scorecurrentwidelyknownexploited":"2.268","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.9072,"vulnote":null}