返回 CVE 瀏覽器

CVE-2008-4383

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0090%

EPSS Percentile29.05th

Published2008年10月3日

Last Modified2026年4月23日

Vulnerability Description

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

Affected Platforms (CPE)

💻

Alcatel

Aos

>= 5.1 and < 5.1.6.463.r02

💻

Alcatel

Aos

>= 5.4 and < 5.4.1.429.r01

💻

Alcatel

Aos

>= 6.1.3 and < 6.1.3.965.r01

💻

Alcatel

Aos

>= 6.1.5 and < 6.1.5.595.r01

💻

Alcatel

Aos

>= 6.3 and < 6.3.1.966.r01

References & Advisories

🔗 http://secunia.com/advisories/31435

🔗 http://securityreason.com/securityalert/4347

🔗 http://www.layereddefense.com/alcatel12aug.html

🔗 http://www.securityfocus.com/archive/1/495343/100/0/threaded

🔗 http://www.securityfocus.com/bid/30652

🔗 http://www.securitytracker.com/id?1020657

🔗 http://www.vupen.com/english/advisories/2008/2346

🔗 http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm

相關漏洞威脅

CVE-2002-127210.0

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but n...

CVE-2018-78209.8

A Credentials Management CWE-255 vulnerability exists in the APC UPS Network Management Card 2 AOS v6.5.6, which could cause Remot...

CVE-2019-122609.8

Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability:...

CVE-2021-410008.8

Multiple authenticated remote code execution vulnerabilities were discovered in the AOS-CX command line interface in Aruba CX 6200...