CVE-2008-4383 — HIGH (10.0)

Q: How severe is CVE-2008-4383?

CVE-2008-4383 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-4383?

Check the references section above for vendor advisories and patch information. Affected products include: Alcatel Aos, Alcatel-Lucent Omniswitch.

Vulnerability Description

Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Alcatel	Aos	>= 5.1, < 5.1.6.463.r02
Alcatel-Lucent	Omniswitch	os6600

Related Weaknesses (CWE)

CWE-119

References

http://secunia.com/advisories/31435Third Party Advisory
http://securityreason.com/securityalert/4347Third Party Advisory
http://www.layereddefense.com/alcatel12aug.htmlBroken Link
http://www.securityfocus.com/archive/1/495343/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/30652Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020657Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2008/2346Third Party Advisory
http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htmVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44400Third Party AdvisoryVDB Entry
http://secunia.com/advisories/31435Third Party Advisory
http://securityreason.com/securityalert/4347Third Party Advisory
http://www.layereddefense.com/alcatel12aug.htmlBroken Link
http://www.securityfocus.com/archive/1/495343/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/30652Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1020657Third Party AdvisoryVDB Entry

FAQ

What is CVE-2008-4383?

CVE-2008-4383 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 b...

How severe is CVE-2008-4383?

CVE-2008-4383 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-4383?

Check the references section above for vendor advisories and patch information. Affected products include: Alcatel Aos, Alcatel-Lucent Omniswitch.