Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for omniswitch_firmware by alcatel-lucent

    CVE-2015-2805 (GCVE-0-2015-2805)

    Vulnerability from nvd – Published: 2015-06-16 16:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:38.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
              },
              {
                "name": "1032544",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032544"
              },
              {
                "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
              },
              {
                "name": "75121",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75121"
              },
              {
                "name": "37261",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/37261/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
            },
            {
              "name": "1032544",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032544"
            },
            {
              "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
            },
            {
              "name": "75121",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75121"
            },
            {
              "name": "37261",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/37261/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
                },
                {
                  "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004",
                  "refsource": "MISC",
                  "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
                },
                {
                  "name": "1032544",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032544"
                },
                {
                  "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
                },
                {
                  "name": "75121",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75121"
                },
                {
                  "name": "37261",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/37261/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2805",
        "datePublished": "2015-06-16T16:00:00.000Z",
        "dateReserved": "2015-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:38.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2804 (GCVE-0-2015-2804)

    Vulnerability from nvd – Published: 2015-06-16 16:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:38.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id"
              },
              {
                "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Jun/22"
              },
              {
                "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535731/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html"
              },
              {
                "name": "75125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id"
            },
            {
              "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Jun/22"
            },
            {
              "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535731/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html"
            },
            {
              "name": "75125",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75125"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2804",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id",
                  "refsource": "MISC",
                  "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id"
                },
                {
                  "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Jun/22"
                },
                {
                  "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535731/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html"
                },
                {
                  "name": "75125",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75125"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2804",
        "datePublished": "2015-06-16T16:00:00.000Z",
        "dateReserved": "2015-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:38.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2804 (GCVE-0-2015-2804)

    Vulnerability from cvelistv5 – Published: 2015-06-16 16:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:38.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id"
              },
              {
                "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Jun/22"
              },
              {
                "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535731/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html"
              },
              {
                "name": "75125",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75125"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id"
            },
            {
              "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Jun/22"
            },
            {
              "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535731/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html"
            },
            {
              "name": "75125",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75125"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2804",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id",
                  "refsource": "MISC",
                  "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id"
                },
                {
                  "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Jun/22"
                },
                {
                  "name": "20150610 [RT-SA-2015-003] Alcatel-Lucent OmniSwitch Web Interface Weak Session ID",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535731/100/0/threaded"
                },
                {
                  "name": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html"
                },
                {
                  "name": "75125",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75125"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2804",
        "datePublished": "2015-06-16T16:00:00.000Z",
        "dateReserved": "2015-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:38.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2805 (GCVE-0-2015-2805)

    Vulnerability from cvelistv5 – Published: 2015-06-16 16:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-06-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:38.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
              },
              {
                "name": "1032544",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1032544"
              },
              {
                "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
              },
              {
                "name": "75121",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/75121"
              },
              {
                "name": "37261",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/37261/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-06-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-09T18:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
            },
            {
              "name": "1032544",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1032544"
            },
            {
              "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
            },
            {
              "name": "75121",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/75121"
            },
            {
              "name": "37261",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/37261/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-2805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
                },
                {
                  "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004",
                  "refsource": "MISC",
                  "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
                },
                {
                  "name": "1032544",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1032544"
                },
                {
                  "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
                },
                {
                  "name": "75121",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/75121"
                },
                {
                  "name": "37261",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/37261/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-2805",
        "datePublished": "2015-06-16T16:00:00.000Z",
        "dateReserved": "2015-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:38.893Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }