ID

VAR-201506-0116


CVE

CVE-2015-2805


TITLE

Cross-site request forgery vulnerability in the management web interface of multiple Alcatel-Lucent OmniSwitch firmware versions

Trust: 0.8

sources: JVNDB: JVNDB-2015-003165

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. Alcatel OmniSwitch is an enterprise-class switch. Multiple Alcatel-Lucent OmniSwitch products are prone to a cross-site request forgery vulnerability. An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks. Alcatel-Lucent OmniSwitch 6450 and the other listed models are switch products of Alcatel-Lucent in France. The following products and versions are affected: Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01.

Trust: 2.52

sources: NVD: CVE-2015-2805 // JVNDB: JVNDB-2015-003165 // CNVD: CNVD-2015-03785 // BID: 75121 // VULHUB: VHN-80766

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03785

AFFECTED PRODUCTS

vendor: alcatel lucent, model: omniswitch, scope: eq, version: 6.4.5.r02

Trust: 1.4

vendor: alcatel lucent, model: omniswitch, scope: eq, version: 6.4.6.r01

Trust: 1.4

vendor: alcatel lucent, model: omniswitch, scope: eq, version: 6.6.4.r01

Trust: 1.4

vendor: alcatel lucent, model: omniswitch, scope: eq, version: 6.6.5.r02

Trust: 1.4

vendor: alcatel lucent, model: omniswitch, scope: eq, version: 7.3.2.r01

Trust: 1.4

vendor: alcatel lucent, model: omniswitch, scope: eq, version: 7.3.3.r01

Trust: 1.4

vendor: alcatel lucent, model: omniswitch, scope: eq, version: 7.3.4.r01

Trust: 1.4

vendor: alcatel lucent, model: omniswitch, scope: eq, version: 8.1.1.r01

Trust: 1.4

vendor: alcatel lucent, model: omniswitch, scope: lte, version: 7.3.3.r01

Trust: 1.0

vendor: alcatel lucent, model: omniswitch, scope: lte, version: 8.1.1.r01

Trust: 1.0

vendor: alcatel lucent, model: omniswitch, scope: lte, version: 7.3.4.r01

Trust: 1.0

vendor: alcatel lucent, model: omniswitch, scope: lte, version: 6.4.5.r02

Trust: 1.0

vendor: alcatel lucent, model: omniswitch, scope: lte, version: 6.6.4.r01

Trust: 1.0

vendor: alcatel lucent, model: omniswitch, scope: lte, version: 7.3.2.r01

Trust: 1.0

vendor: alcatel lucent, model: omniswitch, scope: lte, version: 6.6.5.r02

Trust: 1.0

vendor: alcatel lucent, model: omniswitch, scope: lte, version: 6.4.6.r01

Trust: 1.0

vendor: alcatel lucent, model: omniswitch 10k, scope: -, version: -

Trust: 0.8

vendor: alcatel lucent, model: omniswitch 6250, scope: -, version: -

Trust: 0.8

vendor: alcatel lucent, model: omniswitch 6400, scope: -, version: -

Trust: 0.8

vendor: alcatel lucent, model: omniswitch 6450, scope: -, version: -

Trust: 0.8

vendor: alcatel lucent, model: omniswitch 6850e, scope: -, version: -

Trust: 0.8

vendor: alcatel lucent, model: omniswitch 6855, scope: -, version: -

Trust: 0.8

vendor: alcatel lucent, model: omniswitch 6860, scope: -, version: -

Trust: 0.8

vendor: alcatel lucent, model: omniswitch 6900, scope: -, version: -

Trust: 0.8

vendor: alcatel lucent, model: omniswitch 9000e, scope: -, version: -

Trust: 0.8

vendor: alcatel, model: omniswitch, scope: eq, version: 6860

Trust: 0.6

vendor: alcatel, model: omniswitch 10k, scope: -, version: -

Trust: 0.6

vendor: alcatel, model: omniswitch, scope: eq, version: 6900

Trust: 0.6

vendor: alcatel, model: omniswitch, scope: eq, version: 6855

Trust: 0.6

vendor: alcatel, model: omniswitch, scope: eq, version: 6400

Trust: 0.6

vendor: alcatel, model: omniswitch 9000e, scope: -, version: -

Trust: 0.6

vendor: alcatel, model: omniswitch 6850e, scope: -, version: -

Trust: 0.6

vendor: alcatel, model: omniswitch, scope: eq, version: 6250

Trust: 0.6

vendor: alcatel, model: omniswitch, scope: eq, version: 6450

Trust: 0.6

vendor: alcatel, model: omniswitch, scope: eq, version: 7700

Trust: 0.6

vendor: alcatel, model: omniswitch, scope: eq, version: 7800

Trust: 0.6

vendor: alcatel lucent, model: omniswitch 9000e 8.1.1.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 9000e 7.3.4.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 9000e 7.3.3.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 9000e 7.3.2.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 9000e 6.6.5.r02, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 9000e 6.6.4.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 9000e 6.4.6.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 9000e 6.4.5.r02, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 8.1.1.r01, scope: eq, version: 6900

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.4.r01, scope: eq, version: 6900

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.3.r01, scope: eq, version: 6900

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.2.r01, scope: eq, version: 6900

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.5.r02, scope: eq, version: 6900

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.4.r01, scope: eq, version: 6900

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.6.r01, scope: eq, version: 6900

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.5.r02, scope: eq, version: 6900

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 8.1.1.r01, scope: eq, version: 6860

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.4.r01, scope: eq, version: 6860

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.3.r01, scope: eq, version: 6860

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.2.r01, scope: eq, version: 6860

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.5.r02, scope: eq, version: 6860

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.4.r01, scope: eq, version: 6860

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.6.r01, scope: eq, version: 6860

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.5.r02, scope: eq, version: 6860

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 8.1.1.r01, scope: eq, version: 6855

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.4.r01, scope: eq, version: 6855

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.3.r01, scope: eq, version: 6855

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.2.r01, scope: eq, version: 6855

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.5.r02, scope: eq, version: 6855

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.4.r01, scope: eq, version: 6855

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.6.r01, scope: eq, version: 6855

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.5.r02, scope: eq, version: 6855

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6850e 8.1.1.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6850e 7.3.4.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6850e 7.3.3.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6850e 7.3.2.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6850e 6.6.5.r02, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6850e 6.6.4.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6850e 6.4.6.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6850e 6.4.5.r02, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 8.1.1.r01, scope: eq, version: 6450

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.4.r01, scope: eq, version: 6450

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.3.r01, scope: eq, version: 6450

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.2.r01, scope: eq, version: 6450

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.5.r02, scope: eq, version: 6450

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.4.r01, scope: eq, version: 6450

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.6.r01, scope: eq, version: 6450

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.5.r02, scope: eq, version: 6450

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 8.1.1.r01, scope: eq, version: 6400

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.4.r01, scope: eq, version: 6400

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.3.r01, scope: eq, version: 6400

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.2.r01, scope: eq, version: 6400

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.5.r02, scope: eq, version: 6400

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.4.r01, scope: eq, version: 6400

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.6.r01, scope: eq, version: 6400

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.5.r02, scope: eq, version: 6400

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 8.1.1.r01, scope: eq, version: 6250

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.4.r01, scope: eq, version: 6250

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.3.r01, scope: eq, version: 6250

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 7.3.2.r01, scope: eq, version: 6250

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.5.r02, scope: eq, version: 6250

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.6.4.r01, scope: eq, version: 6250

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.6.r01, scope: eq, version: 6250

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 6.4.5.r02, scope: eq, version: 6250

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 10k 8.1.1.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 10k 7.3.4.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 10k 7.3.3.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 10k 7.3.2.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 10k 6.6.5.r02, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 10k 6.6.4.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 10k 6.4.6.r01, scope: -, version: -

Trust: 0.3

vendor: alcatel lucent, model: omniswitch 10k 6.4.5.r02, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2015-03785 // BID: 75121 // JVNDB: JVNDB-2015-003165 // CNNVD: CNNVD-201506-297 // NVD: CVE-2015-2805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-2805
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-2805
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03785
value: LOW

Trust: 0.6

CNNVD: CNNVD-201506-297
value: MEDIUM

Trust: 0.6

VULHUB: VHN-80766
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-2805
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03785
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-80766
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-03785 // VULHUB: VHN-80766 // JVNDB: JVNDB-2015-003165 // CNNVD: CNNVD-201506-297 // NVD: CVE-2015-2805

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-80766 // JVNDB: JVNDB-2015-003165 // NVD: CVE-2015-2805

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-297

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201506-297

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003165

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-80766

PATCH

title: Top Page
url: https://www.alcatel-lucent.com/

Trust: 0.8

sources: JVNDB: JVNDB-2015-003165

EXTERNAL IDS

db: NVD, id: CVE-2015-2805

Trust: 3.4

db: BID, id: 75121

Trust: 2.0

db: PACKETSTORM, id: 132236

Trust: 1.7

db: EXPLOIT-DB, id: 37261

Trust: 1.7

db: SECTRACK, id: 1032544

Trust: 1.7

db: JVNDB, id: JVNDB-2015-003165

Trust: 0.8

db: CNNVD, id: CNNVD-201506-297

Trust: 0.7

db: CNVD, id: CNVD-2015-03785

Trust: 0.6

db: VULHUB, id: VHN-80766

Trust: 0.1

sources: CNVD: CNVD-2015-03785 // VULHUB: VHN-80766 // BID: 75121 // JVNDB: JVNDB-2015-003165 // CNNVD: CNNVD-201506-297 // NVD: CVE-2015-2805

REFERENCES

url:https://www.redteam-pentesting.de/advisories/rt-sa-2015-004

Trust: 2.3

url:https://www.exploit-db.com/exploits/37261/

Trust: 1.7

url:http://seclists.org/fulldisclosure/2015/jun/23

Trust: 1.7

url:http://packetstormsecurity.com/files/132236/alcatel-lucent-omniswitch-web-interface-cross-site-request-forgery.html

Trust: 1.7

url:http://www.securitytracker.com/id/1032544

Trust: 1.7

url:http://www.securityfocus.com/bid/75121

Trust: 1.1

url:http://www.securityfocus.com/archive/1/535732/100/0/threaded

Trust: 1.1

url:https://www.redteam-pentesting.de/en/advisories/rt-sa-2015-004/-alcatel-lucent-omniswitch-web-interface-cross-site-request-forgery

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2805

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2805

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/535732/100/0/threaded

Trust: 0.6

url:http://enterprise.alcatel-lucent.com/?product=omniswitch6450&page=overview

Trust: 0.3

sources: CNVD: CNVD-2015-03785 // VULHUB: VHN-80766 // BID: 75121 // JVNDB: JVNDB-2015-003165 // CNNVD: CNNVD-201506-297 // NVD: CVE-2015-2805

CREDITS

RedTeam Pentesting GmbH

Trust: 0.3

sources: BID: 75121

SOURCES

db: CNVD, id: CNVD-2015-03785
db: VULHUB, id: VHN-80766
db: BID, id: 75121
db: JVNDB, id: JVNDB-2015-003165
db: CNNVD, id: CNNVD-201506-297
db: NVD, id: CVE-2015-2805

LAST UPDATE DATE

2025-04-13T23:39:38.448000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-03785, date: 2015-06-16T00:00:00
db: VULHUB, id: VHN-80766, date: 2018-10-09T00:00:00
db: BID, id: 75121, date: 2015-06-10T00:00:00
db: JVNDB, id: JVNDB-2015-003165, date: 2015-06-18T00:00:00
db: CNNVD, id: CNNVD-201506-297, date: 2015-06-17T00:00:00
db: NVD, id: CVE-2015-2805, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-03785, date: 2015-06-15T00:00:00
db: VULHUB, id: VHN-80766, date: 2015-06-16T00:00:00
db: BID, id: 75121, date: 2015-06-10T00:00:00
db: JVNDB, id: JVNDB-2015-003165, date: 2015-06-18T00:00:00
db: CNNVD, id: CNNVD-201506-297, date: 2015-06-17T00:00:00
db: NVD, id: CVE-2015-2805, date: 2015-06-16T16:59:01.113