2 matches found
CVE-2015-2804
CVE-2015-2804 affects Alcatel-Lucent OmniSwitch models (6450, 6250, 6850E, 9000E, 6400, 6855) with AOS firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02. The vulnerability is weak session identifier generation in the management web interface, enabling remote session hijacking via brut...
Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
Advisory: Alcatel-Lucent OmniSwitch Web Interface Weak Session ID During a penetration test, RedTeam Pentesting discovered a vulnerability in the management web interface of an Alcatel-Lucent OmniSwitch 6450. This interface uses easily guessable session IDs, which allows attackers to authenticate...