CVE-2015-2805 in OmniSwitchinfo

Summary

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

03/30/2015

Disclosure

06/16/2015

Moderation

VulDB entry created

Entries

1: VDB-75841

CPE

ready

CWE

CWE-352 (Confirmed)

Exploit

Download

CVSS

4.3

EPSS

0.01115

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-2805
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-2805
CVE Details	https://www.cvedetails.com/cve/CVE-2015-2805/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!