CVE-2015-2804

Alcatel-Lucent OmniSwitch Firmware < 6.4.5.r02 - Session Hijacking via Weak Session ID

Title source: llm
STIX 2.1

Description

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

References (5)

Core 5

Scores

EPSS 0.0203
EPSS Percentile 78.7%

Details

CWE
CWE-200
Status published
Products (1)
alcatel-lucent/omniswitch_firmware < 6.4.5.r02
Published Jun 16, 2015
Tracked Since Feb 18, 2026