CVE-2015-2805
Summary
| CVE | CVE-2015-2805 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-06-16 16:59:01 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:N/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Alcatel-lucent | Omniswitch 10k | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6250 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6400 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6450 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6850e | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6855 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6860 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6900 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 9000e | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| RedTeam Pentesting GmbH - Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery | af854a3a-2127-422b-91ae-364da2661108 | www.redteam-pentesting.de | Exploit |
| Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery - Hardware webapps Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Exploit |
| Alcatel OmniSwitch Web Interface Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Full Disclosure: [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | Exploit |
| Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Multiple Alcatel-Lucent OmniSwitch Products CVE-2015-2805 Cross Site Request Forgery Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.