CyberSec.Space Logo
Back to CVE Browser

CVE-2008-4383

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile29.05th
PublishedOct 3, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

Affected Platforms (CPE)

πŸ’»
Alcatel

Aos

>= 5.1 and < 5.1.6.463.r02
πŸ’»
Alcatel

Aos

>= 5.4 and < 5.4.1.429.r01
πŸ’»
Alcatel

Aos

>= 6.1.3 and < 6.1.3.965.r01
πŸ’»
Alcatel

Aos

>= 6.1.5 and < 6.1.5.595.r01
πŸ’»
Alcatel

Aos

>= 6.3 and < 6.3.1.966.r01

References & Advisories

πŸ”— http://secunia.com/advisories/31435
πŸ”— http://securityreason.com/securityalert/4347
πŸ”— http://www.layereddefense.com/alcatel12aug.html
πŸ”— http://www.securityfocus.com/archive/1/495343/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/30652
πŸ”— http://www.securitytracker.com/id?1020657
πŸ”— http://www.vupen.com/english/advisories/2008/2346
πŸ”— http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm

Related Vulnerabilities

CVE-2002-127210.0

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but n...

CVE-2018-78209.8

A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remot...

CVE-2019-122609.8

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability:...

CVE-2021-410008.8

Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200...