CVE-2015-2805
Summary
| CVE | CVE-2015-2805 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-06-16 16:59:00 UTC |
| Updated | 2018-10-09 19:56:00 UTC |
| Description | Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. |
Risk And Classification
Problem Types: CWE-352
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Alcatel-lucent | Omniswitch 10k | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 10k | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6250 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6250 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6400 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6400 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6450 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6450 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6850e | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6850e | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6855 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6855 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6860 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6860 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6900 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 6900 | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 9000e | All | All | All | All |
| Hardware | Alcatel-lucent | Omniswitch 9000e | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
| Operating System | Alcatel-lucent | Omniswitch Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Multiple Alcatel-Lucent OmniSwitch Products CVE-2015-2805 Cross Site Request Forgery Vulnerability | BID | www.securityfocus.com | |
| Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery - Hardware webapps Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Alcatel-Lucent OmniSwitch Web Interface Cross Site Request Forgery ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit |
| Alcatel OmniSwitch Web Interface Flaw Lets Remote Users Conduct Cross-Site Request Forgery Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| RedTeam Pentesting GmbH - Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery | MISC | www.redteam-pentesting.de | Exploit |
| Full Disclosure: [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery | FULLDISC | seclists.org | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.