Lucene search
K

9 matches found

CNVD
CNVD
added 2015/06/17 12:0 a.m.6 views

Multiple Alcatel-Lucent OmniSwitch Products Session Hijacking Vulnerability

The Alcatel-Lucent OmniSwitch 6450 is a switch product developed by Alcatel-Lucent of France. Several Alcatel-Lucent OmniSwitch products fail to properly generate weak session identifiers in the web management interface, allowing remote attackers to hijack sessions via brute force attacks...

4.3CVSS7AI score0.02026EPSS
Exploits3References1
NVD
NVD
added 2015/06/16 4:59 p.m.14 views

CVE-2015-2805

Cross-site request forgery CSRF vulnerability in sec/content/secasauserslocaldbadd.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01,...

6.8CVSS7AI score0.03048EPSS
Exploits5References7
Prion
Prion
added 2015/06/16 4:59 p.m.12 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in sec/content/secasauserslocaldbadd.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01,...

6.8CVSS7.6AI score0.03048EPSS
Exploits5References7Affected Software1
NVD
NVD
added 2015/06/16 4:59 p.m.16 views

CVE-2015-2804

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack...

4.3CVSS6.8AI score0.02026EPSS
Exploits3References5
CVE
CVE
added 2015/06/16 4:0 p.m.60 views

CVE-2015-2805

The CVE-2015-2805 issue affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, 6860) across multiple AOS firmware versions (6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, 8.1.1.R01). The vulnerability is a Cross-site request forger...

6.8CVSS7.2AI score0.03048EPSS
Exploits5References7Affected Software1
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.47 views

[RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...

6.8CVSS6.2AI score0.03048EPSS
Exploits5
0day.today
0day.today
added 2015/06/10 12:0 a.m.78 views

Alcatel-Lucent OmniSwitch Web Interface Weak Session ID Vulnerability

Vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate as a currently logged-in user and perform administrative tasks Details ======= Product: Alcatel-Lucent OmniSwitch 6450, 6250...

4.3CVSS6.4AI score0.02026EPSS
Exploits3
Packet Storm
Packet Storm
added 2015/06/10 12:0 a.m.53 views

Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery

Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web interface has no protection against cross-site request...

6.8CVSS0.3AI score0.03048EPSS
Exploits5
exploitpack
exploitpack
added 2015/06/10 12:0 a.m.49 views

Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery

Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. The management web...

6.8CVSS0.6AI score0.03048EPSS
Exploits5
Rows per page
Query Builder