Sierra Routers: 21 Critical Flaws Uncovered

News + Vulnerabilities Z. Oualid today

share close

In a recent analysis of Sierra Wireless routers, Forescout’s Vedere Labs made a significant discovery—21 new vulnerabilities that not only pose a threat to operational technology (OT) and IoT devices but also reveal the broader challenge of addressing security issues in the realm of critical infrastructure. This research, published by Forescout, sheds light on the ease with which these vulnerabilities can be exploited and the historical difficulty enterprises face in mitigating such risks.

The vulnerabilities, ranging from medium to critical severity, impact Sierra Wireless AirLink cellular routers and include components such as TinyXML and OpenNDS. Researchers pointed out the potential for attackers to exploit these vulnerabilities to gain control over OT and IoT devices, especially those connecting local networks critical for infrastructure via cellular connections.

Despite Forescout reporting these vulnerabilities to Sierra and subsequent patches being released over the past month, the widespread nature of the problem persists. A Shodan search conducted by Forescout revealed a staggering 86,174 vulnerable routers exposed on the internet, with over 60,000 in the U.S. Shockingly, less than 10% of these routers were confirmed to be patched against vulnerabilities disclosed since 2019. Furthermore, 80% of these devices had reached their end of life, making patches unavailable.

The affected devices were found across critical infrastructure sectors, including manufacturing, healthcare, energy, transportation, water, emergency services, and vehicle tracking. The potential impact of exploiting these vulnerabilities is exemplified in a hypothetical attack scenario on a healthcare organization, where attackers could take control of a router in a hospital to compromise medical devices and distribute malware.

The research highlights the critical need for securing edge devices, especially as attackers increasingly target routers for initial access, malware deployment, and reconnaissance, as evidenced by multiple advisories from the Cybersecurity and Infrastructure Security Agency (CISA) over the past year.

A substantial portion of the Sierra Wireless Airlink router research focused on the Aleos Application Framework, an integral part of the router architecture. Despite Aleos documentation recommending limited exposure of ACEmanager within local networks, the research revealed more than 86,000 exposed instances directly to the internet. Most concerning is that nearly 64% of these devices run versions of ALEOS without security patches for previously disclosed vulnerabilities.

The newly discovered Aleos vulnerabilities present opportunities for denial-of-service (DoS) and cross-site scripting attacks. Notably, two higher severity vulnerabilities, tracked as CVE-2023-40463 and CVE-2023-40464, could allow unauthorized access to affected devices.

The research also underscores the supply chain risks associated with Sierra Wireless routers. The inclusion of open-source components like TinyXML, an abandoned project with no ongoing patch development, and OpenNDS, used for creating captive portals, introduces vulnerabilities that may be challenging for asset owners to track and mitigate.

While acknowledging the challenges, Daniel dos Santos, Forescout’s Head of Security Research, emphasized the importance of original equipment manufacturers (OEMs) being aware of all components used in their devices to limit supply chain risks. Regression testing and staying updated with internal patches were recommended for effective risk management.

In light of the 21 vulnerabilities, Forescout recommended that enterprises prioritize addressing captive portal vulnerabilities, as exploitation is relatively easier and could lead to device takeover. The second most exploitable set of vulnerabilities relates to the web interface, which requires attackers to have credentials. However, Santos highlighted that none of these vulnerabilities are overly complex to exploit.

The exposure of over 80,000 web interfaces online was attributed to companies’ lack of awareness and visibility into OT environments. Configuration complexities and remote maintenance issues can inadvertently lead to the exposure of devices to the public internet. The distressing statistic of only 10% of confirmed patches in the wild further emphasizes the need for improved visibility and effective risk assessment management.

Forescout’s findings shed light on a broader shift in the threat landscape, where attackers increasingly target vulnerabilities in perimeter devices over traditional methods like phishing or obtaining valid credentials. As attackers exploit vulnerabilities with minimal preconditions, the significance of securing perimeter devices, such as routers, becomes paramount. The research serves as a call to action for enterprises to enhance their visibility, implement robust risk assessment measures, and prioritize security for routers, given their role as critical perimeter devices.

While challenges persist, the collaboration between Forescout and Sierra exemplifies a proactive approach to addressing security issues. Sierra’s prompt release of patches and collaboration with CISA to disseminate advisories demonstrates a positive industry response. The research ultimately underscores the continuous effort required to stay ahead of emerging threats and secure critical infrastructure in an ever-evolving cybersecurity landscape.

Written by: Z. Oualid

Rate it

About the author

Z. Oualid

I am a Cyber Security Expert, I have worked with many companies around the globe to secure their applications and their networks. I am certified OSCP and OSCE which are the most recognized and hard technical certifications in the industry of cybersecurity. I am also a Certifed Ethical hacker (CEH). I hope you enjoy my articles :).

Previous post

Post comments (0)

Leave a reply

Your email address will not be published. Required fields are marked *