CVE-2015-2805: CSRF
First published: Tue Jun 16 2015(Updated: )
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alcatel-Lucent OmniSwitch Firmware | <=6.4.5.r02 | |
| Alcatel-Lucent OmniSwitch Firmware | <=6.4.6.r01 | |
| Alcatel-Lucent OmniSwitch Firmware | <=6.6.4.r01 | |
| Alcatel-Lucent OmniSwitch Firmware | <=6.6.5.r02 | |
| Alcatel-Lucent OmniSwitch Firmware | <=7.3.2.r01 | |
| Alcatel-Lucent OmniSwitch Firmware | <=7.3.3.r01 | |
| Alcatel-Lucent OmniSwitch Firmware | <=7.3.4.r01 | |
| Alcatel-Lucent OmniSwitch Firmware | <=8.1.1.r01 | |
| Alcatel-lucent Omniswitch 10k | ||
| Alcatel-lucent Omniswitch 6250 | ||
| Alcatel-Lucent OmniSwitch 6400 | ||
| Alcatel-Lucent OmniSwitch 6450 | ||
| Alcatel-lucent Omniswitch 6850e | ||
| Alcatel-lucent Omniswitch 6855 | ||
| Alcatel-lucent Omniswitch 6860 | ||
| Alcatel-lucent Omniswitch 6900 | ||
| Alcatel-lucent Omniswitch 9000e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html
- http://seclists.org/fulldisclosure/2015/Jun/23
- http://www.securityfocus.com/archive/1/535732/100/0/threaded
- http://www.securityfocus.com/bid/75121
- http://www.securitytracker.com/id/1032544
- https://www.exploit-db.com/exploits/37261/
- https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
Frequently Asked Questions
What is the severity of CVE-2015-2805?
The severity of CVE-2015-2805 is categorized as Medium, indicating a moderate risk to affected systems.
How do I fix CVE-2015-2805?
To fix CVE-2015-2805, update the affected Alcatel-Lucent OmniSwitch firmware to a version later than 8.1.1.R01.
What systems are affected by CVE-2015-2805?
CVE-2015-2805 affects Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 running specific firmware versions.
What type of vulnerability is CVE-2015-2805?
CVE-2015-2805 is a Cross-Site Request Forgery (CSRF) vulnerability.
Can CVE-2015-2805 be exploited remotely?
Yes, CVE-2015-2805 can be exploited remotely without authentication, which makes it a significant security concern.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/alcatel-lucent
- canonical/alcatel-lucent omniswitch firmware
- version/alcatel-lucent omniswitch firmware/6.4.5.r02
- version/alcatel-lucent omniswitch firmware/6.4.6.r01
- version/alcatel-lucent omniswitch firmware/6.6.4.r01
- version/alcatel-lucent omniswitch firmware/6.6.5.r02
- version/alcatel-lucent omniswitch firmware/7.3.2.r01
- version/alcatel-lucent omniswitch firmware/7.3.3.r01
- version/alcatel-lucent omniswitch firmware/7.3.4.r01
- version/alcatel-lucent omniswitch firmware/8.1.1.r01
- canonical/alcatel-lucent omniswitch 10k
- canonical/alcatel-lucent omniswitch 6250
- canonical/alcatel-lucent omniswitch 6400
- canonical/alcatel-lucent omniswitch 6450
- canonical/alcatel-lucent omniswitch 6850e
- canonical/alcatel-lucent omniswitch 6855
- canonical/alcatel-lucent omniswitch 6860
- canonical/alcatel-lucent omniswitch 6900
- canonical/alcatel-lucent omniswitch 9000e