Back to search
CVE-2015-2805
Published: Jun 16, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
mailing-list
x_refsource_BUGTRAQ
https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
x_refsource_MISC
1032544
vdb-entry
x_refsource_SECTRACK
20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery
mailing-list
x_refsource_FULLDISC
75121
vdb-entry
x_refsource_BID
37261
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now