December 6, 2023 at 02:48AM
Forescout discovered 21 vulnerabilities in Sierra Wireless AirLink routers and OpenNDS, TinyXML components, threatening critical infrastructures with attacks like remote code execution and unauthorized access. Notably, over 86,000 exposed routers online are at risk, largely in the U.S. Patching with ALEOS version 4.17.0 and implementing security measures are recommended.
Meeting Takeaways:
1. **Security Threats**: Forescout Vedere Labs has identified 21 new vulnerabilities affecting Sierra Wireless AirLink cellular routers, which are critical in maintaining infrastructure for various essential services.
2. **Vulnerability Summary**:
– Includes remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.
– The vulnerabilities also impact open-source components, namely TinyXML and OpenNDS.
– Severity scores: 1 critical, 8 high, and 12 medium risks.
3. **Widespread Use**: Sierra routers are utilized in a wide range of services, including government, emergency, energy, transportation, and healthcare, highlighting the potential broad impact of these vulnerabilities.
4. **Key Vulnerabilities**:
– Critical: CVE-2023-41101 with a severity score of 9.6 (OpenDNS).
– Others include unauthorized access (CVE-2023-40463, CVE-2023-40464), cross-site scripting (CVE-2023-40461, CVE-2023-40460), and denial of service (CVE-2023-40458, CVE-2023-40459, CVE-2023-40462) with varied high and medium severity scores.
5. **Attacker Capability**: Certain vulnerabilities can be exploited without authentication, potentially allowing attackers to gain control of the routers, disrupt networks, conduct espionage, deploy malware, and facilitate lateral movement to more critical assets.
6. **Exposure Data**:
– Over 86,000 AirLink routers were found to be exposed online via a Shodan scan.
– The majority of exposed routers are in the United States.
– Many systems remain unpatched from 2019 vulnerabilities, and thousands are vulnerable to man-in-the-middle attacks due to default SSL certificates.
7. **Remediation Steps**:
– Upgrade to ALEOS version 4.17.0 for comprehensive fixes or at least 4.9.9, excluding fixes for OpenNDS captive portals.
– Address TinyXML vulnerabilities separately as it is abandonware.
– OpenNDS project has released fixes in version 10.1.3 for affected components.
– Change default SSL certificates.
– Disable or restrict unnecessary services.
– Employ additional security measures like a web application firewall and an OT/IoT-aware IDS.
8. **Targeted by Cybercriminals**: Routers and network infrastructure are increasingly seen as valuable targets for attackers to gain persistence and conduct espionage.
The executive summary should be circulated to relevant parties to ensure that immediate actions are taken to patch vulnerabilities, secure systems, and mitigate potential threats to critical infrastructures.