CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2805

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 78.9%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2015-2805

Alcatel-Lucent » Omniswitch 10k » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_10k:*
Alcatel-Lucent » Omniswitch 6250 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6250:*
Alcatel-Lucent » Omniswitch 6400 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6400:*
Alcatel-Lucent » Omniswitch 6450 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6450:*
Alcatel-Lucent » Omniswitch 6850e » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*
Alcatel-Lucent » Omniswitch 6855 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6855:*
Alcatel-Lucent » Omniswitch 6860 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6860:*
Alcatel-Lucent » Omniswitch 6900 » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_6900:*
Alcatel-Lucent » Omniswitch 9000e » Version: Any

cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*
Alcatel-Lucent » Omniswitch Firmware » Version: Any

cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2805

Products

Pricing

Contact Us