cvelistv5 - cve-2015-2805

CVE-2015-2805 (GCVE-0-2015-2805)

Vulnerability from cvelistv5 – Published: 2015-06-16 16:00 – Updated: 2024-08-06 05:24

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/535732/100…	mailing-listx_refsource_BUGTRAQ
	https://www.redteam-pentesting.de/advisories/rt-s…	x_refsource_MISC
	http://www.securitytracker.com/id/1032544	vdb-entryx_refsource_SECTRACK
	http://seclists.org/fulldisclosure/2015/Jun/23	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/bid/75121	vdb-entryx_refsource_BID
	https://www.exploit-db.com/exploits/37261/	exploitx_refsource_EXPLOIT-DB
	http://packetstormsecurity.com/files/132236/Alcat…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:24:38.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
          },
          {
            "name": "1032544",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032544"
          },
          {
            "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
          },
          {
            "name": "75121",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75121"
          },
          {
            "name": "37261",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37261/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
        },
        {
          "name": "1032544",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032544"
        },
        {
          "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
        },
        {
          "name": "75121",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75121"
        },
        {
          "name": "37261",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37261/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2805",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
            },
            {
              "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004",
              "refsource": "MISC",
              "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
            },
            {
              "name": "1032544",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032544"
            },
            {
              "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
            },
            {
              "name": "75121",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75121"
            },
            {
              "name": "37261",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37261/"
            },
            {
              "name": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2805",
    "datePublished": "2015-06-16T16:00:00",
    "dateReserved": "2015-03-30T00:00:00",
    "dateUpdated": "2024-08-06T05:24:38.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.4.5.r02\", \"matchCriteriaId\": \"146D0494-CC3B-47E9-8798-631AA8015A73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.4.6.r01\", \"matchCriteriaId\": \"8B629D98-2C6F-4937-A3B3-CD3FEE2B61FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.6.4.r01\", \"matchCriteriaId\": \"A8CE49B7-937F-4CEE-9A3D-1D94C6A0C0FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.6.5.r02\", \"matchCriteriaId\": \"AB4AC6CF-716C-4A40-B0BB-8C652565FD52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.3.2.r01\", \"matchCriteriaId\": \"FB40E084-75AF-4851-A2DC-A9D6C175C1E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.3.3.r01\", \"matchCriteriaId\": \"F70B59CA-426A-49A1-BD75-516FBC0A4935\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.3.4.r01\", \"matchCriteriaId\": \"C61B0959-BF8F-4645-9690-B5E7D43CD0D1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"8.1.1.r01\", \"matchCriteriaId\": \"6B01558D-907A-4746-A09C-5761A6EE5B8C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F7C154AC-D64C-4CB0-99E6-1792B23237BE\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC17F6AB-A4A7-4DCF-A38D-567A626BAC9D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E628D41-4AC8-4C60-8353-028588BAE9C0\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4D9AB0D-317D-4147-B944-02922FC3E14A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2026FD8F-2734-4927-AE3D-F346B6A3F7DD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9CA46E94-6195-4AD9-A6C1-97F309D57614\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6558791-5C3C-451C-B8C9-498A27555248\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C314BC45-D037-4FD9-B893-A737358EA851\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"30CE6E3F-9C8A-4EC8-9DF5-DA618C4985C6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de CSRF en sec/content/sec_asa_users_local_db_add.html en la interfaz de gesti\\u00f3n en Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, y 6860 con firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, y 8.1.1.R01 permite a atacantes remotos secuestrar la autenticaci\\u00f3n de administradores para solicitudes que crean usuarios a trav\\u00e9s de una solicitud manipulada.\"}]",
      "id": "CVE-2015-2805",
      "lastModified": "2024-11-21T02:28:06.697",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-06-16T16:59:01.113",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Jun/23\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/535732/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/75121\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1032544\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/37261/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2015/Jun/23\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/535732/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/75121\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032544\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/37261/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-2805\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-06-16T16:59:01.113\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de CSRF en sec/content/sec_asa_users_local_db_add.html en la interfaz de gesti\u00f3n en Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, y 6860 con firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, y 8.1.1.R01 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que crean usuarios a trav\u00e9s de una solicitud manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.4.5.r02\",\"matchCriteriaId\":\"146D0494-CC3B-47E9-8798-631AA8015A73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.4.6.r01\",\"matchCriteriaId\":\"8B629D98-2C6F-4937-A3B3-CD3FEE2B61FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.6.4.r01\",\"matchCriteriaId\":\"A8CE49B7-937F-4CEE-9A3D-1D94C6A0C0FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.6.5.r02\",\"matchCriteriaId\":\"AB4AC6CF-716C-4A40-B0BB-8C652565FD52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.3.2.r01\",\"matchCriteriaId\":\"FB40E084-75AF-4851-A2DC-A9D6C175C1E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.3.3.r01\",\"matchCriteriaId\":\"F70B59CA-426A-49A1-BD75-516FBC0A4935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.3.4.r01\",\"matchCriteriaId\":\"C61B0959-BF8F-4645-9690-B5E7D43CD0D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"8.1.1.r01\",\"matchCriteriaId\":\"6B01558D-907A-4746-A09C-5761A6EE5B8C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7C154AC-D64C-4CB0-99E6-1792B23237BE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC17F6AB-A4A7-4DCF-A38D-567A626BAC9D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E628D41-4AC8-4C60-8353-028588BAE9C0\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4D9AB0D-317D-4147-B944-02922FC3E14A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2026FD8F-2734-4927-AE3D-F346B6A3F7DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CA46E94-6195-4AD9-A6C1-97F309D57614\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6558791-5C3C-451C-B8C9-498A27555248\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C314BC45-D037-4FD9-B893-A737358EA851\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30CE6E3F-9C8A-4EC8-9DF5-DA618C4985C6\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://seclists.org/fulldisclosure/2015/Jun/23\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/535732/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/75121\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1032544\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/37261/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://seclists.org/fulldisclosure/2015/Jun/23\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/archive/1/535732/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/75121\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032544\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/37261/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://www.redteam-pentesting.de/advisories/rt-sa-2015-004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

GSD-2015-2805

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-2805

Aliases

CVE-2015-2805

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-2805",
    "description": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.",
    "id": "GSD-2015-2805",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-2805"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-2805"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.",
      "id": "GSD-2015-2805",
      "modified": "2023-12-13T01:20:00.310634Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-2805",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
          },
          {
            "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004",
            "refsource": "MISC",
            "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
          },
          {
            "name": "1032544",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032544"
          },
          {
            "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
          },
          {
            "name": "75121",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75121"
          },
          {
            "name": "37261",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/37261/"
          },
          {
            "name": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.4.5.r02",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.1.1.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.6.5.r02",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.3.2.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.4.6.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.6.4.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.3.3.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.3.4.r01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2805"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
            },
            {
              "name": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
            },
            {
              "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
            },
            {
              "name": "37261",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/37261/"
            },
            {
              "name": "1032544",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032544"
            },
            {
              "name": "75121",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/75121"
            },
            {
              "name": "20150610 [RT-SA-2015-004] Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-09T19:56Z",
      "publishedDate": "2015-06-16T16:59Z"
    }
  }
}

CNVD-2015-03785

Vulnerability from cnvd - Published: 2015-06-15

Title

Alcatel OmniSwitch WEB接口跨站请求伪造漏洞

Description

Alcatel OmniSwitch是一款企业级交换机。 Alcatel OmniSwitch WEB接口存在跨站请求伪造漏洞，允许远程攻击者构建恶意URI，诱使用户解析，可以目标用户上下文执行恶意操作。

Severity

低

Formal description

目前没有详细解决方案提供： http://enterprise.alcatel-lucent.com/

Reference

https://www.redteam-pentesting.de/advisories/rt-sa-2015-004

Impacted products

Name
['Alcatel OmniSwitch 6860', 'Alcatel OmniSwitch 10K', 'Alcatel OmniSwitch 6900', 'Alcatel OmniSwitch 6855', 'Alcatel OmniSwitch 6400', 'Alcatel OmniSwitch 9000E', 'Alcatel OmniSwitch 6850E', 'Alcatel OmniSwitch 6250', 'Alcatel OmniSwitch 6450', 'Alcatel OmniSwitch 7700', 'Alcatel OmniSwitch 7800']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75121"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2805"
    }
  },
  "description": "Alcatel OmniSwitch\u662f\u4e00\u6b3e\u4f01\u4e1a\u7ea7\u4ea4\u6362\u673a\u3002\r\n\r\nAlcatel OmniSwitch WEB\u63a5\u53e3\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fURI\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u53ef\u4ee5\u76ee\u6807\u7528\u6237\u4e0a\u4e0b\u6587\u6267\u884c\u6076\u610f\u64cd\u4f5c\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://enterprise.alcatel-lucent.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03785",
  "openTime": "2015-06-15",
  "products": {
    "product": [
      "Alcatel OmniSwitch 6860",
      "Alcatel OmniSwitch 10K",
      "Alcatel OmniSwitch 6900",
      "Alcatel OmniSwitch 6855",
      "Alcatel OmniSwitch 6400",
      "Alcatel OmniSwitch 9000E",
      "Alcatel OmniSwitch 6850E",
      "Alcatel OmniSwitch 6250",
      "Alcatel OmniSwitch 6450",
      "Alcatel OmniSwitch 7700",
      "Alcatel OmniSwitch 7800"
    ]
  },
  "referenceLink": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004",
  "serverity": "\u4f4e",
  "submitTime": "2015-06-11",
  "title": "Alcatel OmniSwitch WEB\u63a5\u53e3\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

VAR-201506-0116

Vulnerability from variot - Updated: 2023-12-18 13:57

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. Alcatel OmniSwitch is an enterprise-class switch. Multiple Alcatel-Lucent OmniSwitch products are prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Alcatel-Lucent OmniSwitch 6450, etc. are switches products of Alcatel-Lucent (Alcatel-Lucent) in France. The following products and versions are affected: using version 6.4.5.R02, version 6.4.6.R01, version 6.6.4.R01, version 6.6.5.R02, version 7.3.2.R01, version 7.3.3.R01, Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, 6860 with firmware 7.3.4.R01 and 8.1.1.R01

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0116",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "alcatel lucent",
        "version": "6.4.5.r02"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "alcatel lucent",
        "version": "6.4.6.r01"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "alcatel lucent",
        "version": "6.6.4.r01"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "alcatel lucent",
        "version": "6.6.5.r02"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "alcatel lucent",
        "version": "7.3.2.r01"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "alcatel lucent",
        "version": "7.3.3.r01"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "alcatel lucent",
        "version": "7.3.4.r01"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 1.4,
        "vendor": "alcatel lucent",
        "version": "8.1.1.r01"
      },
      {
        "model": "omniswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "6.6.4.r01"
      },
      {
        "model": "omniswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "8.1.1.r01"
      },
      {
        "model": "omniswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "7.3.2.r01"
      },
      {
        "model": "omniswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "6.6.5.r02"
      },
      {
        "model": "omniswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "7.3.4.r01"
      },
      {
        "model": "omniswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "6.4.5.r02"
      },
      {
        "model": "omniswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "6.4.6.r01"
      },
      {
        "model": "omniswitch",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "alcatel lucent",
        "version": "7.3.3.r01"
      },
      {
        "model": "omniswitch 10k",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6250",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6400",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6450",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6850e",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6855",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6860",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6900",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 9000e",
        "scope": null,
        "trust": 0.8,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel",
        "version": "6860"
      },
      {
        "model": "omniswitch 10k",
        "scope": null,
        "trust": 0.6,
        "vendor": "alcatel",
        "version": null
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel",
        "version": "6900"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel",
        "version": "6855"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel",
        "version": "6400"
      },
      {
        "model": "omniswitch 9000e",
        "scope": null,
        "trust": 0.6,
        "vendor": "alcatel",
        "version": null
      },
      {
        "model": "omniswitch 6850e",
        "scope": null,
        "trust": 0.6,
        "vendor": "alcatel",
        "version": null
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel",
        "version": "6250"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel",
        "version": "6450"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel",
        "version": "7700"
      },
      {
        "model": "omniswitch",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "alcatel",
        "version": "7800"
      },
      {
        "model": "omniswitch 9000e 8.1.1.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 9000e 7.3.4.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 9000e 7.3.3.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 9000e 7.3.2.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 9000e 6.6.5.r02",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 9000e 6.6.4.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 9000e 6.4.6.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 9000e 6.4.5.r02",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 8.1.1.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6900"
      },
      {
        "model": "omniswitch 7.3.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6900"
      },
      {
        "model": "omniswitch 7.3.3.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6900"
      },
      {
        "model": "omniswitch 7.3.2.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6900"
      },
      {
        "model": "omniswitch 6.6.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6900"
      },
      {
        "model": "omniswitch 6.6.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6900"
      },
      {
        "model": "omniswitch 6.4.6.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6900"
      },
      {
        "model": "omniswitch 6.4.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6900"
      },
      {
        "model": "omniswitch 8.1.1.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6860"
      },
      {
        "model": "omniswitch 7.3.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6860"
      },
      {
        "model": "omniswitch 7.3.3.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6860"
      },
      {
        "model": "omniswitch 7.3.2.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6860"
      },
      {
        "model": "omniswitch 6.6.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6860"
      },
      {
        "model": "omniswitch 6.6.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6860"
      },
      {
        "model": "omniswitch 6.4.6.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6860"
      },
      {
        "model": "omniswitch 6.4.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6860"
      },
      {
        "model": "omniswitch 8.1.1.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6855"
      },
      {
        "model": "omniswitch 7.3.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6855"
      },
      {
        "model": "omniswitch 7.3.3.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6855"
      },
      {
        "model": "omniswitch 7.3.2.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6855"
      },
      {
        "model": "omniswitch 6.6.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6855"
      },
      {
        "model": "omniswitch 6.6.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6855"
      },
      {
        "model": "omniswitch 6.4.6.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6855"
      },
      {
        "model": "omniswitch 6.4.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6855"
      },
      {
        "model": "omniswitch 6850e 8.1.1.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6850e 7.3.4.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6850e 7.3.3.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6850e 7.3.2.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6850e 6.6.5.r02",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6850e 6.6.4.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6850e 6.4.6.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 6850e 6.4.5.r02",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 8.1.1.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6450"
      },
      {
        "model": "omniswitch 7.3.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6450"
      },
      {
        "model": "omniswitch 7.3.3.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6450"
      },
      {
        "model": "omniswitch 7.3.2.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6450"
      },
      {
        "model": "omniswitch 6.6.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6450"
      },
      {
        "model": "omniswitch 6.6.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6450"
      },
      {
        "model": "omniswitch 6.4.6.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6450"
      },
      {
        "model": "omniswitch 6.4.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6450"
      },
      {
        "model": "omniswitch 8.1.1.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6400"
      },
      {
        "model": "omniswitch 7.3.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6400"
      },
      {
        "model": "omniswitch 7.3.3.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6400"
      },
      {
        "model": "omniswitch 7.3.2.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6400"
      },
      {
        "model": "omniswitch 6.6.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6400"
      },
      {
        "model": "omniswitch 6.6.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6400"
      },
      {
        "model": "omniswitch 6.4.6.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6400"
      },
      {
        "model": "omniswitch 6.4.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6400"
      },
      {
        "model": "omniswitch 8.1.1.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6250"
      },
      {
        "model": "omniswitch 7.3.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6250"
      },
      {
        "model": "omniswitch 7.3.3.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6250"
      },
      {
        "model": "omniswitch 7.3.2.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6250"
      },
      {
        "model": "omniswitch 6.6.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6250"
      },
      {
        "model": "omniswitch 6.6.4.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6250"
      },
      {
        "model": "omniswitch 6.4.6.r01",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6250"
      },
      {
        "model": "omniswitch 6.4.5.r02",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": "6250"
      },
      {
        "model": "omniswitch 10k 8.1.1.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 10k 7.3.4.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 10k 7.3.3.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 10k 7.3.2.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 10k 6.6.5.r02",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 10k 6.6.4.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 10k 6.4.6.r01",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      },
      {
        "model": "omniswitch 10k 6.4.5.r02",
        "scope": null,
        "trust": 0.3,
        "vendor": "alcatel lucent",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "db": "BID",
        "id": "75121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.4.5.r02",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "8.1.1.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.6.5.r02",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.3.2.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.4.6.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.6.4.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.3.3.r01",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.3.4.r01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2805"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RedTeam Pentesting GmbH",
    "sources": [
      {
        "db": "BID",
        "id": "75121"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-2805",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-2805",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CNVD-2015-03785",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-80766",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-2805",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-03785",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-297",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-80766",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. Alcatel OmniSwitch is an enterprise-class switch. Multiple Alcatel-Lucent OmniSwitch products are prone to a cross-site request-forgery vulnerability. \nAn attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Alcatel-Lucent OmniSwitch 6450, etc. are switches products of Alcatel-Lucent (Alcatel-Lucent) in France. The following products and versions are affected: using version 6.4.5.R02, version 6.4.6.R01, version 6.6.4.R01, version 6.6.5.R02, version 7.3.2.R01, version 7.3.3.R01, Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, 6860 with firmware 7.3.4.R01 and 8.1.1.R01",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-2805"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "db": "BID",
        "id": "75121"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80766"
      }
    ],
    "trust": 2.52
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-80766",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80766"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-2805",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "75121",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "132236",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "37261",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1032544",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-297",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-80766",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80766"
      },
      {
        "db": "BID",
        "id": "75121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ]
  },
  "id": "VAR-201506-0116",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80766"
      }
    ],
    "trust": 1.322222233333333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:57:36.310000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.alcatel-lucent.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-80766"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2805"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/37261/"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2015/jun/23"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/132236/alcatel-lucent-omniswitch-web-interface-cross-site-request-forgery.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1032544"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/75121"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-004/-alcatel-lucent-omniswitch-web-interface-cross-site-request-forgery"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2805"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2805"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/535732/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://enterprise.alcatel-lucent.com/?product=omniswitch6450\u0026page=overview"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80766"
      },
      {
        "db": "BID",
        "id": "75121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "db": "VULHUB",
        "id": "VHN-80766"
      },
      {
        "db": "BID",
        "id": "75121"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-2805"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-15T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "date": "2015-06-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80766"
      },
      {
        "date": "2015-06-10T00:00:00",
        "db": "BID",
        "id": "75121"
      },
      {
        "date": "2015-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "date": "2015-06-16T16:59:01.113000",
        "db": "NVD",
        "id": "CVE-2015-2805"
      },
      {
        "date": "2015-06-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-06-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-03785"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-80766"
      },
      {
        "date": "2015-06-10T00:00:00",
        "db": "BID",
        "id": "75121"
      },
      {
        "date": "2015-06-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      },
      {
        "date": "2018-10-09T19:56:24.607000",
        "db": "NVD",
        "id": "CVE-2015-2805"
      },
      {
        "date": "2015-06-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Alcatel-Lucent OmniSwitch Firmware management  Web Cross-site request forgery vulnerability in the interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003165"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-297"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2015-2805

Vulnerability from fkie_nvd - Published: 2015-06-16 16:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html	Exploit
cve@mitre.org	http://seclists.org/fulldisclosure/2015/Jun/23	Exploit
cve@mitre.org	http://www.securityfocus.com/archive/1/535732/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/75121
cve@mitre.org	http://www.securitytracker.com/id/1032544
cve@mitre.org	https://www.exploit-db.com/exploits/37261/	Exploit
cve@mitre.org	https://www.redteam-pentesting.de/advisories/rt-sa-2015-004	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2015/Jun/23	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/535732/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75121
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032544
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/37261/	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://www.redteam-pentesting.de/advisories/rt-sa-2015-004	Exploit

Impacted products

Vendor	Product	Version
alcatel-lucent	omniswitch_firmware	*
alcatel-lucent	omniswitch_firmware	*
alcatel-lucent	omniswitch_firmware	*
alcatel-lucent	omniswitch_firmware	*
alcatel-lucent	omniswitch_firmware	*
alcatel-lucent	omniswitch_firmware	*
alcatel-lucent	omniswitch_firmware	*
alcatel-lucent	omniswitch_firmware	*
alcatel-lucent	omniswitch_10k	*
alcatel-lucent	omniswitch_6250	*
alcatel-lucent	omniswitch_6400	*
alcatel-lucent	omniswitch_6450	*
alcatel-lucent	omniswitch_6850e	*
alcatel-lucent	omniswitch_6855	*
alcatel-lucent	omniswitch_6860	*
alcatel-lucent	omniswitch_6900	*
alcatel-lucent	omniswitch_9000e	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "146D0494-CC3B-47E9-8798-631AA8015A73",
              "versionEndIncluding": "6.4.5.r02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B629D98-2C6F-4937-A3B3-CD3FEE2B61FD",
              "versionEndIncluding": "6.4.6.r01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8CE49B7-937F-4CEE-9A3D-1D94C6A0C0FE",
              "versionEndIncluding": "6.6.4.r01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB4AC6CF-716C-4A40-B0BB-8C652565FD52",
              "versionEndIncluding": "6.6.5.r02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB40E084-75AF-4851-A2DC-A9D6C175C1E4",
              "versionEndIncluding": "7.3.2.r01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F70B59CA-426A-49A1-BD75-516FBC0A4935",
              "versionEndIncluding": "7.3.3.r01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C61B0959-BF8F-4645-9690-B5E7D43CD0D1",
              "versionEndIncluding": "7.3.4.r01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B01558D-907A-4746-A09C-5761A6EE5B8C",
              "versionEndIncluding": "8.1.1.r01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7C154AC-D64C-4CB0-99E6-1792B23237BE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC17F6AB-A4A7-4DCF-A38D-567A626BAC9D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E628D41-4AC8-4C60-8353-028588BAE9C0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D9AB0D-317D-4147-B944-02922FC3E14A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2026FD8F-2734-4927-AE3D-F346B6A3F7DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CA46E94-6195-4AD9-A6C1-97F309D57614",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6558791-5C3C-451C-B8C9-498A27555248",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C314BC45-D037-4FD9-B893-A737358EA851",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30CE6E3F-9C8A-4EC8-9DF5-DA618C4985C6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en sec/content/sec_asa_users_local_db_add.html en la interfaz de gesti\u00f3n en Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, y 6860 con firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, y 8.1.1.R01 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que crean usuarios a trav\u00e9s de una solicitud manipulada."
    }
  ],
  "id": "CVE-2015-2805",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-06-16T16:59:01.113",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/75121"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032544"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.exploit-db.com/exploits/37261/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75121"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032544"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.exploit-db.com/exploits/37261/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-H4H6-RMF6-5R65

Vulnerability from github – Published: 2022-05-14 02:48 – Updated: 2025-04-12 12:48

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-2805"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-16T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.",
  "id": "GHSA-h4h6-rmf6-5r65",
  "modified": "2025-04-12T12:48:55Z",
  "published": "2022-05-14T02:48:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2805"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/37261"
    },
    {
      "type": "WEB",
      "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2015/Jun/23"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75121"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032544"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-2805 (GCVE-0-2015-2805)

GSD-2015-2805

CNVD-2015-03785

VAR-201506-0116

FKIE_CVE-2015-2805

GHSA-H4H6-RMF6-5R65

Tags

Sightings

Nomenclature