CVE-2015-4586

Name of the Vulnerable Software and Affected Versions Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL version 1.0.0.20h.HOL

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that create a user account via an add user action in a request to password.cmd.

Recommendations For version 1.0.0.20h.HOL, as a temporary workaround, consider restricting access to the password.cmd endpoint to minimize the risk of exploitation. Avoid using the add user action in requests to this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.