Produkt Omniswitch firmware (...) - CVEMAP.ORG

Podatności dla 'Omniswitch firmware'

2015-06-16

CVE-2015-2805

CWE-352

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

CVE-2015-2804

CWE-200

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

>>> Vendor: Alcatel-lucent 18 Produkty

Omniaccess wireless

Voice mail system

Omnitouch contact center

Omnivista 4760 server

Omnitouch 8400 instant communications suite

Omnitouch 8460 advanced communication server

Omnitouch 8660 my teamwork

Omnitouch 8670 automated delivery message delivery system

Omniswitch firmware

Cellpipe 7130 router firmware

Cellpipe 7130 rg 5ae.m2013 hol firmware

Omnivista 8770 network management system

Motive home device manager

Home device manager

Copyright 2024, cxsecurity.com