The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware prior to 6.6.4.309.R01 and 6.6.5.x prior to 6.6.5.80.R02 generates weak session identifiers, which allows remote malicious users to hijack arbitrary sessions via a brute force attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alcatel-lucent omniswitch_firmware |