PT-2015-5900 · Alcatel Lucent · Alcatel-Lucent Omniswitch
Published: 2015-06-16 · Updated: 2018-10-09
CVE-2015-2804
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Alcatel-Lucent OmniSwitch versions prior to 6.6.4.309.R01
Alcatel-Lucent OmniSwitch 6.6.5.x versions prior to 6.6.5.80.R02
Description
The management web interface generates weak session identifiers, allowing remote attackers to hijack arbitrary sessions via a brute force attack.
Recommendations
For Alcatel-Lucent OmniSwitch versions prior to 6.6.4.309.R01, update to version 6.6.4.309.R01 or later.
For Alcatel-Lucent OmniSwitch 6.6.5.x versions prior to 6.6.5.80.R02, update to version 6.6.5.80.R02 or later.
Exploit
Fix
Information Disclosure
Affected Products
Alcatel-Lucent Omniswitch