A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.
The flaws discovered by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS. AirLink routers are highly regarded in the field of industrial and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity.
Various models are used in complex scenarios like passenger WiFi in transit systems, vehicle connectivity for emergency services, long-range gigabit connectivity to field operations, and various other performance-intensive tasks.
Forescout says Sierra routers are found in government systems, emergency services, energy, transportation, water and wastewater facilities, manufacturing units, and healthcare organizations.
Forescout's researchers discovered 21 new vulnerabilities in Sierra AirLink cellular routers and in the TinyXML and OpenNDS components, which are also used in other products.
For at least five of the above flaws, attackers do not require authentication to exploit them.
For several others affecting OpenNDS, authentication is likely not required, as common attack scenarios involve clients attempting to connect to a network or service.
After running a scan on the Shodan search engine for internet-connected devices, Forescout researchers found over 86,000 AirLink routers exposed online in critical organizations engaged in power distribution, vehicle tracking, waste management, and national health services.
Of those, fewer than 8,600 have applied patches to vulnerabilities disclosed in 2019, and more than 22,000 are exposed to man-in-the-middle attacks due to using a default SSL certificate.
The recommended action for administrators is to upgrade to the ALEOS version 4.17.0, which addresses all flaws, or at least ALEOS 4.9.9, which contains all fixes except for those impacting OpenNDS captive portals that set a barrier between the public internet and a local area network.
The OpenNDS project has also released security updates for the vulnerabilities impacting the open-source project, with version 10.1.3.
Additional recommendations include changing the default SSL certificates on Sierra Wireless routers and similar devices, disabling or restricting non-essential services like captive portals, Telnet, and SSH, and implementing a web application firewall to protect OT/IoT routers from web vulnerabilities.
Forescout has released a technical report that explains the vulnerabilities and the conditions that allow exploiting them.
According to the company, threat actors are increasingly targeting routers and network infrastructure environments, launching attacks with custom malware that use the devices for persistence and espionage purposes.
For cybercriminals, routers are usually a means to proxy malicious traffic or to increase the size of their botnet.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 06 Dec 2023 07:50:15 +0000