Dear Alcatel-Lucent Enterprise Customer:

The purpose of this advisory is to address an important issue that affects AOS-W Instant
versions.
Advisory Number 2015-001

CVE: CVE-2015-1348
TITLE
AOS-W Instant (IAP) Wireless DoS Attack
SUMMARY
Alcatel-Lucent Enterprise has identified a problem with AOS-W Instant firmware which could
allow an attacker to crash or clear the configuration of an access point through a wireless
interface.
AFFECTED VERSIONS
-- AOS-W Instant version 4.0.0.6 and below (version <= 4.0.0.6)
-- AOS-W Instant version 4.1 below 4.1.1.2 (4.1.0.0 <= version < 4.1.1.2)
DETAILS
This vulnerability allows an attacker to cause an IAP to halt operation by sending crafted
malformed frames over a wireless interface. Under some conditions, the attack could cause an
IAP cluster to lose its configuration, forcing the cluster back to a factory-default state.
In order to protect customer networks, Alcatel-Lucent Enterprise is providing no additional
details in the initial advisory. In accordance with our vulnerability disclosure policy, AlcatelLucent Enterprise will update this advisory in 60 days to provide full details of the vulnerability.
WORKAROUND
There is no workaround for this issue.
SOLUTION
Upgrade to one of the following software versions:
-- AOS-W Instant version 4.0.0.7
-- AOS-W Instant version 4.1.1.2

At the time of publication, version 4.0.0.8 is available through Alcatel-Lucent Enterprise

Business Portal.

VULNERABILITY METRICS
Vulnerability Class: Heap-based Buffer Overflow (CWE-122)
Severity: Low
CVSSv2 Overall Score: 2.4
CVSSv2 Group Scores: Base: 2.1, Temporal: 1.6, Environmental: 2.4
CVSSv2 Vector:
(AV:L/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C/CDP:N/TD:ND/CR:L/IR:L/AR:H)

Please contact Alcatel-Lucent Enterprise ESD Service & Support for details.
For more detailed information, please go to the following link:
https://service.esd.alcatel-lucent.com
If you are experiencing problems with your support site login, please send and email detailing
this problem to: esd.support@alcatel-lucent Enterprise.com
Our Commitment to Enhancing Security
The Alcatel-Lucent Enterprise OmniAccess WLAN Switch is distributed in cooperation with
Aruba Networks. Alcatel-Lucent Enterprise will continue to work closely with Aruba Networks in
order to continuously enhance the security capabilities of the OAW products. Alcatel-Lucent
Enterprise will continue to work with its partner to address these issues and communicate the
latest updates.
If you have any additional questions please feel free to contact us at Esd.Support@alcatellucent.com
North America Service and Support: 1-800-995-2696
Latin America Service and Support: 1-877-919-9526
European Service and Support: +800 00200100 (Toll Free) or +1(650)385-2193
Asia Pacific Service and Support: +65-6240-8484
Other International: 1-878-878-4507