Alcatel-Lucent OmniSwitch Series Agranat-Embweb Management Server Session Cookie Handling Remote Overflow

Critical (Nessus Plugin ID 69790)

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The remote Alcatel OmniSwitch device is affected by a buffer overflow vulnerability in its web server. An attacker could exploit it to gain control of the remote device.

Solution

Apply the relevant patch referenced in the Alcatel Security Advisory.

See Also

https://seclists.org/fulldisclosure/2008/Aug/238

http://www.nessus.org/u?fb316c34

Plugin Details

Severity: Critical

ID: 69790

File Name: alcatel_aos_cve_2008_4383.nasl

Version: 1.6

Type: local

Family: General

Published: 9/5/2013

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/h:alcatel-lucent:omniswitch, cpe:/o:alcatel:aos

Required KB Items: Host/AOS/show_microcode

Exploit Ease: No known exploits are available

Patch Publication Date: 8/6/2008

Vulnerability Publication Date: 8/6/2008

Reference Information

CVE: CVE-2008-4383

BID: 30652

CWE: 119

IAVB: 2011-B-0141