Description
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.
Exploits (1)
exploitdb
WORKING POC
by RedTeam Pentesting · text · webapps · hardware
https://www.exploit-db.com/exploits/37261
References (7)
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535732/100/0/threaded
Exploit x_refsource_misc
https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032544
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jun/23
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75121
Exploit exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/37261/
Scores
EPSS
0.0112
EPSS Percentile
78.3%
Details
CWE
CWE-352
Status
published
Products (1)
alcatel-lucent/omniswitch_firmware
< 6.4.5.r02
Published
Jun 16, 2015
Tracked Since
Feb 18, 2026