Alcatel-Lucent Omniswitch Firmware vulnerabilities
2 known vulnerabilities affecting alcatel-lucent/omniswitch_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2015-2805P3MEDIUMCVSS 6.8PoC≤ 6.4.5.r02≤ 6.4.6.r01+6 more2015-06-16
CVE-2015-2805 [MEDIUM] CWE-352 CVE-2015-2805: Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in th
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack
nvd
CVE-2015-2804P4MEDIUMCVSS 4.3≤ 6.4.5.r02≤ 6.4.6.r01+2 more2015-06-16
CVE-2015-2804 [MEDIUM] CWE-200 CVE-2015-2804: The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 w
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.
nvd