Heimdal
article featured image

Contents:

Researchers revealed 21 new Sierra vulnerabilities impact more than 86,000 online exposed devices.

Sierra AirLink routers users risk remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.

The affected routers are used by government organizations, police units, energy, transportation, manufacturing, healthcare sector, etc. So, the attackers getting a foothold into those networks could lead to disrupting various critical services.

What are the riskiest Sierra vulnerabilities?

The detected flaws` severity scores rank from medium to critical. The ones that run the highest risk and you should be aware about are:

  • CVE-2023-38316 – enables Remote Code Execution in OpenNDS – severity score: 8.8, high
  • CVE-2023-40463 – permits the attacker to get unauthorized access in ALEOS – severity score: 8.1, high
  • CVE-2023-40464 – permits gaining unauthorized access in ALEOS – severity score: 8.1, high
  • CVE-2023-40461– leads to Cross Site Scripting in ACEmanager – severity score: 8.1, high
  • CVE-2023-40458 – causes Denial of Service in ACEmanager – severity score: 7.5, high
  • CVE-2023-40459 – causes Denial of Service in ACEmanager – severity score: 7.5, high
  • CVE-2023-40462 – causes Denial of Service in ACEmanager related to TinyXML – severity score: 7.5, high
  • CVE-2023-40460 – enables Cross Site Scripting in ACEmanager – severity score: 7.1, high

According to the researchers, hackers can use the Sierra vulnerabilities to completely take over an OT/IoT router, deploy malware, move laterally or enable espionage.

Additionally, botnets can also exploit the flaws to communicate with C&C servers, launch DoS attacks and automatic propagation.

Prevention measures

Security experts advise System Administrators to upgrade devices to the ALEOS (AirLink Embedded Operating System) version 4.17.0 or upgrade to ALEOS 4.9.9 and then apply version 10.1.3.for OpenNDS.

Researchers warn there is no available patching for CVE-2023-40462, which impacts TinyXML, since the software is outdated.

Network security experts also recommend:

  • Changing default SSL certificates in Sierra Wireless routers
  • Disabling or restricting non-essential services: captive portals, Telnet, and SSH.
  • Install an OT/IoT-aware IDS to check inbound and outbound traffic

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE