Vulnerabilities > Alcatel Lucent > Omniswitch Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-06-16 | CVE-2015-2805 | Cross-Site Request Forgery (CSRF) vulnerability in Alcatel-Lucent Omniswitch Firmware Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. | 6.8 |
2015-06-16 | CVE-2015-2804 | Information Exposure vulnerability in Alcatel-Lucent Omniswitch Firmware The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | 4.3 |