VYPR

Omniswitch Firmware

by Alcatel Lucent

CVEs (2)

  • CVE-2015-2805Jun 16, 2015
    risk 0.03cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02,…

  • CVE-2015-2804Jun 16, 2015
    risk 0.00cvss epss 0.02

    The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force…