CVE-2015-2805

Name of the Vulnerable Software and Affected Versions Alcatel-Lucent OmniSwitch versions 6.4.5.R02 through 8.1.1.R01

Description A cross-site request forgery (CSRF) issue exists in the management web interface, specifically in the sec/content/sec asa users local db add.html file. This allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

Recommendations For versions 6.4.5.R02 through 8.1.1.R01, as a temporary workaround, consider restricting access to the sec/content/sec asa users local db add.html file in the management web interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.