A set of 21 anew apparent vulnerabilities appulse Sierra OT/IoT routers and abuse analytical basement with alien cipher execution, crooked access, cross-site scripting, affidavit bypass, and abnegation of account attacks.
The flaws apparent by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source apparatus like TinyXML and OpenNDS (open Network Demarcation Service).
AirLink routers are awful admired in the acreage of automated and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity.
Various models are acclimated in circuitous scenarios like commuter WiFi in alteration systems, agent connectivity for emergency services, all-embracing gigabit connectivity to acreage operations, and assorted added performance-intensive tasks.
Forescout says Sierra routers are begin in government systems, emergency services, energy, transportation, baptize and wastewater facilities, accomplishment units, and healthcare organizations.
Flaws and impact
Forescout’s advisers apparent 21 new vulnerabilities in Sierra AirLink cellular routers and the TinyXML and OpenNDS components, which are allotment of added products, too.
Only one of the aegis issues has been rated critical, eight of them accustomed a aerial severity score, and a dozen present a average risk.
The best noteworthy vulnerabilities are abbreviated below:
- CVE-2023-41101 (Remote Code Execution in OpenDNS – analytical severity account of 9.6)
- CVE-2023-38316 (Remote Code Execution in OpenDNS – aerial severity account of 8.8)
- CVE-2023-40463 (Unauthorized Access in ALEOS – aerial severity account of 8.1)
- CVE-2023-40464 (Unauthorized Access in ALEOS – aerial severity account of 8.1)
- CVE-2023-40461 (Cross Site Scripting in ACEmanager – aerial severity account of 8.1)
- CVE-2023-40458 (Denial of Service in ACEmanager – aerial severity account of 7.5)
- CVE-2023-40459 (Denial of Service in ACEmanager – aerial severity account of 7.5)
- CVE-2023-40462 (Denial of Service in ACEmanager accompanying to TinyXML – aerial severity account of 7.5)
- CVE-2023-40460 (Cross Site Scripting in ACEmanager – aerial severity account of 7.1)
For at atomic bristles of the aloft flaws, attackers do not crave affidavit to accomplishment them. For several others affecting OpenNDS, affidavit is acceptable not required, as accepted advance scenarios absorb audience attempting to affix to a arrangement or service.
According to the researchers, an antagonist could accomplishment some of the vulnerabilities "to booty abounding ascendancy of an OT/IoT router in analytical infrastructure." The accommodation could advance to arrangement disruption, accredit espionage, or move alongside to added important assets, and malware deployment.
“Apart from animal attackers, these vulnerabilities can additionally be acclimated by botnets for automated propagation, advice with command-and-control servers, as able-bodied as assuming DoS attacks,” the advisers explain.
After active a browse on Shodan chase enging for internet-connected devices, Forescout advisers found over 86,000 AirLink routers apparent online in analytical organizations affianced in ability distribution, agent tracking, decay management, and civic bloom services.
About 80% of the apparent systems are in the United States, followed by Canada, Australia, France, and Thailand.
Of those, beneath than 8,600 accept activated patches to vulnerabilities appear in 2019, and added than 22,000 are apparent to man-in-the-middle attacks due to application a absence SSL certificate.
The recommended action for administrators is to advancement to the ALEOS (AirLink Embedded Operating System) version 4.17.0, which addresses all flaws, or at atomic ALEOS 4.9.9, which contains all fixes except for those impacting OpenNDS bound portals that set a barrier amid the accessible internet and a bounded across network.
The OpenNDS activity has additionally appear aegis updates for the vulnerabilities impacting the open-source project, with version 10.1.3.
Note that TinyXML is now abandonware, so there will be no fixes for the CVE-2023-40462 vulnerability that impacts the project.
Forescout additionally recommends demography the afterward added accomplishments for added protection:
- Change absence SSL certificates in Sierra Wireless routers and agnate devices.
- Disable or bind non-essential casework like bound portals, Telnet, and SSH.
- Implement a web appliance firewall to assure OT/IoT routers from web vulnerabilities.
- Install an OT/IoT-aware IDS to adviser alien and centralized arrangement cartage for aegis breaches.
Forescout has appear a technical report that explains the vulnerabilities and the altitude that acquiesce base them.
According to the company, blackmail actors are added targeting routers and arrangement basement environments, ablution attacks with custom malware that use the accessories for chain and espionage purposes.
For cybercriminals, routers are usually a agency to proxy awful cartage or to access the size of their botnet.