Researchers revealed 21 new Sierra vulnerabilities impact more than 86,000 online exposed devices.
Sierra AirLink routers users risk remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.
The affected routers are used by government organizations, police units, energy, transportation, manufacturing, healthcare sector, etc. So, the attackers getting a foothold into those networks could lead to disrupting various critical services.
What are the riskiest Sierra vulnerabilities?
The detected flaws` severity scores rank from medium to critical. The ones that run the highest risk and you should be aware about are:
- CVE-2023-41101 – enables Remote Code Execution in OpenNDS – severity score: 9.6, critical
- CVE-2023-38316 – enables Remote Code Execution in OpenNDS – severity score: 8.8, high
- CVE-2023-40463 – permits the attacker to get unauthorized access in ALEOS – severity score: 8.1, high
- CVE-2023-40464 – permits gaining unauthorized access in ALEOS – severity score: 8.1, high
- CVE-2023-40461– leads to Cross Site Scripting in ACEmanager – severity score: 8.1, high
- CVE-2023-40458 – causes Denial of Service in ACEmanager – severity score: 7.5, high
- CVE-2023-40459 – causes Denial of Service in ACEmanager – severity score: 7.5, high
- CVE-2023-40462 – causes Denial of Service in ACEmanager related to TinyXML – severity score: 7.5, high
- CVE-2023-40460 – enables Cross Site Scripting in ACEmanager – severity score: 7.1, high
According to the researchers, hackers can use the Sierra vulnerabilities to completely take over an OT/IoT router, deploy malware, move laterally or enable espionage.
Additionally, botnets can also exploit the flaws to communicate with C&C servers, launch DoS attacks and automatic propagation.
Prevention measures
Security experts advise System Administrators to upgrade devices to the ALEOS (AirLink Embedded Operating System) version 4.17.0 or upgrade to ALEOS 4.9.9 and then apply version 10.1.3.for OpenNDS.
Researchers warn there is no available patching for CVE-2023-40462, which impacts TinyXML, since the software is outdated.
Network security experts also recommend:
- Changing default SSL certificates in Sierra Wireless routers
- Disabling or restricting non-essential services: captive portals, Telnet, and SSH.
- Implementing a firewall to protect OT/IoT routers
- Install an OT/IoT-aware IDS to check inbound and outbound traffic
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.