CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2804

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.8%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2015-2804

Alcatel-Lucent » Omniswitch 6250 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6250:*
Alcatel-Lucent » Omniswitch 6400 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6400:*
Alcatel-Lucent » Omniswitch 6450 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6450:*
Alcatel-Lucent » Omniswitch 6850e » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*
Alcatel-Lucent » Omniswitch 6855 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6855:*
Alcatel-Lucent » Omniswitch 9000e » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*
Alcatel-Lucent » Omniswitch Firmware » Version: Any

cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2804

Products

Pricing

Contact Us