admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 17:51:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2015/CVE-2015-28xx/CVE-2015-2805.json

251 lines
8.7 KiB
JSON
Raw Normal View History

bootstrap
2023-04-24 12:24:31 +02:00
{
"id": "CVE-2015-2805",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-06-16T16:59:01.113",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"lastModified": "2024-11-21T02:28:06.697",
bootstrap
2023-04-24 12:24:31 +02:00
"vulnStatus": "Modified",
Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00
"cveTags": [],
bootstrap
2023-04-24 12:24:31 +02:00
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request."
},
{
"lang": "es",
"value": "Vulnerabilidad de CSRF en sec/content/sec_asa_users_local_db_add.html en la interfaz de gesti\u00f3n en Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, y 6860 con firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, y 8.1.1.R01 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que crean usuarios a trav\u00e9s de una solicitud manipulada."
}
],
"metrics": {
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"baseScore": 6.8,
bootstrap
2023-04-24 12:24:31 +02:00
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
"availabilityImpact": "PARTIAL"
bootstrap
2023-04-24 12:24:31 +02:00
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.4.5.r02",
"matchCriteriaId": "146D0494-CC3B-47E9-8798-631AA8015A73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.4.6.r01",
"matchCriteriaId": "8B629D98-2C6F-4937-A3B3-CD3FEE2B61FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.4.r01",
"matchCriteriaId": "A8CE49B7-937F-4CEE-9A3D-1D94C6A0C0FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.5.r02",
"matchCriteriaId": "AB4AC6CF-716C-4A40-B0BB-8C652565FD52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.3.2.r01",
"matchCriteriaId": "FB40E084-75AF-4851-A2DC-A9D6C175C1E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.3.3.r01",
"matchCriteriaId": "F70B59CA-426A-49A1-BD75-516FBC0A4935"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.3.4.r01",
"matchCriteriaId": "C61B0959-BF8F-4645-9690-B5E7D43CD0D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:alcatel-lucent:omniswitch_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.1.1.r01",
"matchCriteriaId": "6B01558D-907A-4746-A09C-5761A6EE5B8C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_10k:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C154AC-D64C-4CB0-99E6-1792B23237BE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6250:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC17F6AB-A4A7-4DCF-A38D-567A626BAC9D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6400:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E628D41-4AC8-4C60-8353-028588BAE9C0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6450:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4D9AB0D-317D-4147-B944-02922FC3E14A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6850e:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2026FD8F-2734-4927-AE3D-F346B6A3F7DD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6855:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CA46E94-6195-4AD9-A6C1-97F309D57614"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6860:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6558791-5C3C-451C-B8C9-498A27555248"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_6900:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C314BC45-D037-4FD9-B893-A737358EA851"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:alcatel-lucent:omniswitch_9000e:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30CE6E3F-9C8A-4EC8-9DF5-DA618C4985C6"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://seclists.org/fulldisclosure/2015/Jun/23",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/75121",
"source": "cve@mitre.org"
},
{
"url": "http://www.securitytracker.com/id/1032544",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/37261/",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00
},
{
"url": "http://packetstormsecurity.com/files/132236/Alcatel-Lucent-OmniSwitch-Web-Interface-Cross-Site-Request-Forgery.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "http://seclists.org/fulldisclosure/2015/Jun/23",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "http://www.securityfocus.com/archive/1/535732/100/0/threaded",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securityfocus.com/bid/75121",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "http://www.securitytracker.com/id/1032544",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://www.exploit-db.com/exploits/37261/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2015-004",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
bootstrap
2023-04-24 12:24:31 +02:00
}
]
}
Reference in New Issue Copy Permalink