CVE-2015-2804

Name: CVE-2015-2804
Creator: NVD / NIST
Published: 2015-06-16T16:59:00.067+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.03%

Last modified Jun 17, 2026

CVE-2015-2804 is a vulnerability of currently unknown severity. The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.. EPSS estimates a 2.03% chance of exploitation in the next 30 days.

Description

The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.

Metrics

EPSS Probability

2.03%

78.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Alcatel-Lucent	Omniswitch Firmware	<= 6.4.5.r02
Alcatel-Lucent	Omniswitch Firmware	<= 6.4.6.r01
Alcatel-Lucent	Omniswitch Firmware	<= 6.6.4.r01
Alcatel-Lucent	Omniswitch Firmware	<= 6.6.5.r02

References

Timeline

Published: Jun 16, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-2804?

How severe is CVE-2015-2804?

Severity scoring for CVE-2015-2804 is pending analysis. The EPSS model estimates a 2.03% probability of exploitation in the next 30 days.

How do I fix CVE-2015-2804?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-2804?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST