CVE-2015-2804

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

Configurations

Configuration 1

AND
OR cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*
cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*
cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*
cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*
cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*
cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:28

| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html - Exploit | () http://packetstormsecurity.com/files/132235/Alcatel-Lucent-OmniSwitch-Web-Interface-Weak-Session-ID.html - Exploit |
| References | () http://seclists.org/fulldisclosure/2015/Jun/22 - Exploit | () http://seclists.org/fulldisclosure/2015/Jun/22 - Exploit |
| References | () http://www.securityfocus.com/archive/1/535731/100/0/threaded - | () http://www.securityfocus.com/archive/1/535731/100/0/threaded - |
| References | () http://www.securityfocus.com/bid/75125 - | () http://www.securityfocus.com/bid/75125 - |
| References | () https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id - Exploit | () https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-003/-alcatel-lucent-omniswitch-web-interface-weak-session-id - Exploit |

Information

Published : 2015-06-16 16:59

Updated : 2024-11-21 02:28


NVD link : CVE-2015-2804

Mitre link : CVE-2015-2804

CVE.ORG link : CVE-2015-2804



Products Affected

alcatel-lucent

  • omniswitch_6855
  • omniswitch_6400
  • omniswitch_9000e
  • omniswitch_6250
  • omniswitch_6850e
  • omniswitch_6450
  • omniswitch_firmware

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor