cbcvebase.
CVE-2015-2804
published 2015-06-16

CVE-2015-2804: The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before…

PriorityP428medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
2.03%
78.6th percentile
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

Affected

4 ranges
VendorProductVersion rangeFixed in
alcatel-lucentomniswitch_firmware<= 6.4.5.r02
alcatel-lucentomniswitch_firmware<= 6.4.6.r01
alcatel-lucentomniswitch_firmware<= 6.6.4.r01
alcatel-lucentomniswitch_firmware<= 6.6.5.r02
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.