10

CVE-2008-4383

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

Data is provided by the National Vulnerability Database (NVD)
AlcatelAos Version >= 5.1 < 5.1.6.463.r02
   Alcatel-lucentOmniswitch Versionos6600
   Alcatel-lucentOmniswitch Versionos6800
   Alcatel-lucentOmniswitch Versionos6850
   Alcatel-lucentOmniswitch Versionos7000
   Alcatel-lucentOmniswitch Versionos9000
AlcatelAos Version >= 5.4 < 5.4.1.429.r01
   Alcatel-lucentOmniswitch Versionos6600
   Alcatel-lucentOmniswitch Versionos6800
   Alcatel-lucentOmniswitch Versionos6850
   Alcatel-lucentOmniswitch Versionos7000
   Alcatel-lucentOmniswitch Versionos9000
AlcatelAos Version >= 6.1.3 < 6.1.3.965.r01
   Alcatel-lucentOmniswitch Versionos6600
   Alcatel-lucentOmniswitch Versionos6800
   Alcatel-lucentOmniswitch Versionos6850
   Alcatel-lucentOmniswitch Versionos7000
   Alcatel-lucentOmniswitch Versionos9000
AlcatelAos Version >= 6.1.5 < 6.1.5.595.r01
   Alcatel-lucentOmniswitch Versionos6600
   Alcatel-lucentOmniswitch Versionos6800
   Alcatel-lucentOmniswitch Versionos6850
   Alcatel-lucentOmniswitch Versionos7000
   Alcatel-lucentOmniswitch Versionos9000
AlcatelAos Version >= 6.3 < 6.3.1.966.r01
   Alcatel-lucentOmniswitch Versionos6600
   Alcatel-lucentOmniswitch Versionos6800
   Alcatel-lucentOmniswitch Versionos6850
   Alcatel-lucentOmniswitch Versionos7000
   Alcatel-lucentOmniswitch Versionos9000
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 27.07% 0.959
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securityfocus.com/bid/30652
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1020657
Third Party Advisory
VDB Entry