Lucene search
K

10 matches found

CNVD
CNVD
added 2015/06/17 12:0 a.m.6 views

Multiple Alcatel-Lucent OmniSwitch Products Session Hijacking Vulnerability

The Alcatel-Lucent OmniSwitch 6450 is a switch product developed by Alcatel-Lucent of France. Several Alcatel-Lucent OmniSwitch products fail to properly generate weak session identifiers in the web management interface, allowing remote attackers to hijack sessions via brute force attacks...

4.3CVSS7AI score0.02026EPSS
Exploits3References1
Prion
Prion
added 2015/06/16 4:59 p.m.21 views

Design/Logic Flaw

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...

4.3CVSS7.4AI score0.02026EPSS
Exploits3References5Affected Software1
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.60 views

[RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate...

4.3CVSS6.3AI score0.02026EPSS
Exploits3
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.47 views

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...

6.8CVSS6.2AI score0.03048EPSS
Exploits5
Packet Storm
Packet Storm
added 2015/06/10 12:0 a.m.73 views

Alcatel-Lucent OmniSwitch Web Interface Weak Session ID

Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate...

4.3CVSS6.7AI score0.02026EPSS
Exploits3
0day.today
0day.today
added 2015/06/10 12:0 a.m.78 views

Alcatel-Lucent OmniSwitch Web Interface Weak Session ID Vulnerability

Vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks Details ======= Product: Alcatel-Lucent OmniSwitch 6450, 6250...

4.3CVSS6.4AI score0.02026EPSS
Exploits3
Exploit DB
Exploit DB
added 2015/06/10 12:0 a.m.54 views

Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery

Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...

6.8CVSS6.6AI score0.03048EPSS
Exploits5
exploitpack
exploitpack
added 2015/06/10 12:0 a.m.42 views

Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery

Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web...

6.8CVSS0.6AI score0.03048EPSS
Exploits5
Packet Storm
Packet Storm
added 2015/06/10 12:0 a.m.53 views

Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery

Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...

6.8CVSS0.3AI score0.03048EPSS
Exploits5
0day.today
0day.today
added 2015/06/10 12:0 a.m.46 views

Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery Vulnerability

Vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request forgery attacks. This allows specially crafted web pages to change the switch configuration and create users, if an administrator accesses...

6.8CVSS0.5AI score0.03048EPSS
Exploits5
Rows per page
Query Builder