Unrated severityNVD Advisory· Published Aug 25, 2008· Updated Apr 23, 2026

CVE-2008-3777

Description

The SIP Enablement Services (SES) Server in Avaya SIP Enablement Services 5.0, and Communication Manager (CM) 5.0 on the S8300C with SES enabled, writes account names and passwords to the (1) alarm and (2) system logs during failed login attempts, which allows local users to obtain login credentials by reading these logs.

Affected products

Avaya/Sip Enablement Services
cpe:2.3:a:avaya:sip_enablement_services:5.0:*:*:*:*:*:*:*
Avaya/Communication Manager
cpe:2.3:a:avaya:communication_manager:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.avaya.com/elmodocs2/security/ASA-2008-347.htmnvd
www.securityfocus.com/bid/30758nvd
exchange.xforce.ibmcloud.com/vulnerabilities/44586nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000