Unrated severityNVD Advisory· Published Oct 3, 2008· Updated Apr 23, 2026

CVE-2008-4383

Description

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

Affected products

Alcatel/Aos
cpe:2.3:o:alcatel:aos:*:*:*:*:*:*:*:*
Range: >=5.1,<5.1.6.463.r02

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/31435nvdThird Party Advisory
securityreason.com/securityalert/4347nvdThird Party Advisory
www.securityfocus.com/archive/1/495343/100/0/threadednvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/30652nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2008/2346nvdThird Party Advisory
www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htmnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/44400nvdThird Party AdvisoryVDB Entry
www.layereddefense.com/alcatel12aug.htmlnvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.018
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000