Forescout Vedere Labs discovered flaws in Sierra Wireless AirLink routers and open-source components like TinyXML and OpenNDS (open Network Demarcation Service).

Twenty-one newly discovered vulnerabilities affect Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.

The high-performance 3G/4G/5G and WiFi connectivity of AirLink routers makes them popular for industrial and mission-critical applications.

According to Forescout, Sierra routers are found in government systems, emergency services, energy, transportation, water and wastewater facilities, manufacturing units, and healthcare establishments.

Different models are used in complex scenarios, such as passenger WiFi in transit systems, vehicle connectivity for emergency services, long-range gigabit connectivity for field operations, and various other performance-intensive applications.

Researchers from Forescout have discovered 21 new vulnerabilities in Sierra AirLink cellular routers, as well as TinyXML and OpenNDS components found in other products.

Among the security issues, only one was rated critical, eight received a high severity score, and twelve posed a medium risk.

The critical and high-severity vulnerabilities are outlined as follows:

o   CVE-2023-41101 (Remote Code Execution in OpenNDS – critical severity score of 9.6)
o   CVE-2023-38316 (Remote Code Execution in OpenNDS – high severity score of 8.8)
o   CVE-2023-40463 (Unauthorized Access in ALEOS – high severity score of 8.1)
o   CVE-2023-40464 (Unauthorized Access in ALEOS – high severity score of 8.1)
o   CVE-2023-40461 (Cross Site Scripting in ACEmanager – high severity score of 8.1)
o   CVE-2023-40458 (Denial of Service in ACEmanager – high severity score of 7.5)
o   CVE-2023-40459 (Denial of Service in ACEmanager – high severity score of 7.5)
o   CVE-2023-40462 (Denial of Service in ACEmanager related to TinyXML – high severity score of 7.5)
o   CVE-2023-40460 (Cross Site Scripting in ACEmanager – high severity score of 7.1)

Attackers can exploit at least five of these flaws without authentication. Authentication is unlikely to be necessary for several others either, since the common attack scenario involves a client attempting to connect to a network or service.

According to the researchers, some of the vulnerabilities could be exploited by an attacker to gain control of OT/IoT routers in critical infrastructure. Beyond disrupting the network, a compromised router could enable espionage, serve as a foothold for lateral movement to more essential assets, or be used to deploy malware.

Researchers explain that, besides human attackers, botnets may exploit these vulnerabilities to propagate malware, communicate with command-and-control servers, and perform denial-of-service attacks.

After searching on Shodan for internet-connected devices, researchers from Forescout discovered over 86,000 AirLink routers exposed online in critical organizations involved in power distribution, vehicle tracking, waste management, and national health services.

Most exposed systems are in the United States, Canada, Australia, France, and Thailand. Approximately 8,600 systems have been patched to address vulnerabilities disclosed in 2019; more than 22,000 are vulnerable to man-in-the-middle attacks due to default SSL certificates.

All flaws have been addressed in ALEOS (AirLink Embedded Operating System) version 4.17.0, or at least ALEOS 4.9.9, which contains all fixes except those affecting OpenNDS captive portals that separate the public internet from the local area network.

OpenNDS has also released security updates for the open-source project, with version 10.1.3. TinyXML is now abandonware, so there will be no fixes for the CVE-2023-40462 vulnerability.

Forescout suggests taking these extra steps for better protection:

o   Change default SSL certificates in Sierra Wireless routers and similar devices.
o   Turn off or limit non-essential services like captive portals, Telnet, and SSH.
o   Use a web application firewall to safeguard OT/IoT routers from web vulnerabilities.
o   Install an OT/IoT-aware IDS to monitor external and internal network traffic for security breaches.
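As an added example (not code from Forescout, Sierra Wireless, or the original article), the following Python script turns the article's patch guidance (ALEOS 4.17.0 for all fixes, 4.9.9 for everything except the OpenNDS captive-portal issues) and the hardening steps listed above into a triage over a device inventory. The inventory rows, device names and CSV column layout are constructed for the example; the version thresholds come from the text.

```python
"""Triage a constructed AirLink inventory against the article's remediation
guidance. Added example written for this page; it is not Forescout's or Sierra
Wireless's tooling, and the inventory rows below are made up."""

import csv
import io
from typing import Dict, List, Tuple

# Fixed versions named in the article.
FULL_FIX = (4, 17, 0)    # ALEOS 4.17.0: every reported flaw addressed
PARTIAL_FIX = (4, 9, 9)  # ALEOS 4.9.9: all fixes except the OpenNDS captive-portal flaws

# Constructed sample inventory (hypothetical device names and states).
SAMPLE_INVENTORY = """\
device,aleos_version,captive_portal,telnet,default_tls_cert
rtr-substation-01,4.17.0,off,off,no
rtr-fleet-07,4.9.9,on,off,yes
rtr-fleet-08,4.9.9,off,on,no
rtr-clinic-02,4.9.8,off,off,yes
rtr-depot-03,4.16.1,on,off,no
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.9.9' into (4, 9, 9) so versions compare numerically.
    Plain string comparison gets this wrong: '4.9.9' > '4.17.0' lexically."""
    return tuple(int(part) for part in text.strip().split("."))


def patch_status(version: str) -> str:
    """Classify a firmware version against the two fixed releases."""
    v = parse_version(version)
    if v >= FULL_FIX:
        return "patched"
    if v >= PARTIAL_FIX:
        return "partial"  # only the OpenNDS captive-portal issues remain open
    return "vulnerable"


def triage(inventory_csv: str) -> Dict[str, List[str]]:
    """Map each device to the follow-up actions the article's guidance implies."""
    actions: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        todo: List[str] = []
        status = patch_status(row["aleos_version"])
        portal_on = row["captive_portal"] == "on"

        if status == "vulnerable":
            todo.append("update ALEOS to 4.17.0 (or at least 4.9.9)")

        if portal_on:
            if status == "partial":
                # 4.9.9 leaves the captive-portal flaws unfixed, so an enabled
                # portal keeps that exposure alive until 4.17.0 is installed.
                todo.append("update ALEOS to 4.17.0 or turn off the captive portal")
            else:
                todo.append("confirm the captive portal is essential; otherwise turn it off")

        if row["telnet"] == "on":
            todo.append("turn off Telnet (non-essential service)")
        if row["default_tls_cert"] == "yes":
            todo.append("replace the default SSL certificate")

        actions[row["device"]] = todo
    return actions


if __name__ == "__main__":
    for device, todo in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {'; '.join(todo) or 'no action'}")
```

The version parsing is the part most often done wrong in quick inventory scripts: comparing "4.9.9" and "4.17.0" as strings ranks the older release higher, which would mark unpatched routers as fixed.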

Forescout has issued a technical report explaining the vulnerabilities and the conditions that enable their exploitation. According to the company, malicious actors increasingly focus on routers and network infrastructure environments, launching attacks with custom malware that leverages these devices for persistence and espionage purposes.

For cybercriminals, routers are typically used to proxy malicious traffic or expand their botnet size.
