CVE-2015-2804

Published Jun 16, 2015

Last updated 3 months ago

CVSS info 4.3

Overview

Description: The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "146D0494-CC3B-47E9-8798-631AA8015A73",
            "versionEndIncluding": "6.4.5.r02"
          },
          {
            "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B629D98-2C6F-4937-A3B3-CD3FEE2B61FD",
            "versionEndIncluding": "6.4.6.r01"
          },
          {
            "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8CE49B7-937F-4CEE-9A3D-1D94C6A0C0FE",
            "versionEndIncluding": "6.6.4.r01"
          },
          {
            "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB4AC6CF-716C-4A40-B0BB-8C652565FD52",
            "versionEndIncluding": "6.6.5.r02"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CC17F6AB-A4A7-4DCF-A38D-567A626BAC9D"
          },
          {
            "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6E628D41-4AC8-4C60-8353-028588BAE9C0"
          },
          {
            "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A4D9AB0D-317D-4147-B944-02922FC3E14A"
          },
          {
            "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2026FD8F-2734-4927-AE3D-F346B6A3F7DD"
          },
          {
            "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9CA46E94-6195-4AD9-A6C1-97F309D57614"
          },
          {
            "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "30CE6E3F-9C8A-4EC8-9DF5-DA618C4985C6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References