Description
Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Alcatel-Lucent / OmniAccess Stellar ProductsAP1100 AWOS versions 5.0.2 GA and earlier – AP1100 AWOS versions 5.0.2 GA and earlier
- Alcatel-Lucent / OmniAccess Stellar ProductsAP1200 AWOS versions 5.0.2 GA and earlier – AP1200 AWOS versions 5.0.2 GA and earlier
- Alcatel-Lucent / OmniAccess Stellar ProductsAP1300 AWOS versions 5.0.2 GA and earlier – AP1300 AWOS versions 5.0.2 GA and earlier
- Alcatel-Lucent / OmniAccess Stellar ProductsAP1400 AWOS versions 5.0.2 GA and earlier – AP1400 AWOS versions 5.0.2 GA and earlier
- Alcatel-Lucent / OmniAccess Stellar ProductsAP1500 AWOS versions 5.0.2 GA and earlier – AP1500 AWOS versions 5.0.2 GA and earlier