CVE-2015-2805 Information

Description

Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.

Reference

http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html
http://seclists.org/fulldisclosure/2015/Jun/23
http://www.securityfocus.com/archive/1/535732/100/0/threaded
http://www.securityfocus.com/bid/75121
http://www.securitytracker.com/id/1032544
https://www.exploit-db.com/exploits/37261/
https://www.redteam-pentesting.de/advisories/rt-sa-2015-004
