← Back

CVE-2015-2804

nvd nist
Published: Jun 16, 2015Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

Affected (4)

Alcatel Lucent
1 product
Omniswitch Firmware
Configuration A
4 vulnerable · 6 platform
Vulnerable SoftwareAffected Versions
Alcatel Lucent
Omniswitch Firmware
Up to 6.4.5.r02
Omniswitch Firmware
Up to 6.4.6.r01
Omniswitch Firmware
Up to 6.6.4.r01
Omniswitch Firmware
Up to 6.6.5.r02
Running on/withPlatform Versions
Alcatel Lucent
Omniswitch 6250
All versions
Alcatel Lucent
Omniswitch 6400
All versions
Alcatel Lucent
Omniswitch 6450
All versions
Alcatel Lucent
Omniswitch 6850e
All versions
Alcatel Lucent
Omniswitch 6855
All versions
Alcatel Lucent
Omniswitch 9000e
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.