CISA Flags Critical Sierra Wireless Router Vulnerability Amid Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Sierra Wireless AirLink routers to its Known Exploited Vulnerabilities (KEV) catalog. The addition follows evidence of active exploitation and poses significant risk to organizations still running these legacy devices.
Understanding the Vulnerability
The vulnerability, tracked as CVE-2018-4063, resides in ALEOS, the firmware that runs Sierra Wireless AirLink routers. It is classified as an Unrestricted Upload of File with Dangerous Type flaw (CWE-434): an authenticated attacker can send a specially crafted HTTP request to the device's web management interface that causes it to store a file of a type it should never accept, such as a script. Once that file is on the device it can be executed, giving the attacker control of the router.
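To make the CWE-434 pattern concrete, here is an added example (not ALEOS or ACEManager code, and not a reproduction of the actual CVE-2018-4063 request) showing an upload handler that trusts the client-supplied file name next to one that enforces a type policy. The web-root and upload directories, the allowed formats and their magic bytes are all constructed for the demo.

```python
"""
CWE-434 illustrated: an upload handler that trusts the client-supplied file
name next to one that enforces a type allow-list. Generic example code added
for this article; it is not ALEOS/ACEManager code and does not reproduce the
real CVE-2018-4063 request. File formats, magic bytes and directory names are
constructed for the demo.
"""
import os
import secrets
import tempfile

# Constructed layout: files under WEB_ROOT are assumed to be served (and, for
# script extensions, executed) by the device's web server. UPLOAD_DIR sits
# outside it, so nothing stored there is reachable by URL.
WEB_ROOT = tempfile.mkdtemp(prefix="webroot-")
UPLOAD_DIR = tempfile.mkdtemp(prefix="uploads-")

# Extensions we choose to accept, each tied to the magic bytes the content
# must start with. Anything else (.cgi, .sh, .php, ...) is refused outright.
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".pem": (b"-----BEGIN ",),
}
MAX_UPLOAD_BYTES = 1 << 20


class UploadRejected(ValueError):
    """Raised when an upload fails the type or size policy."""


def save_upload_unrestricted(filename: str, data: bytes) -> str:
    """Vulnerable pattern (CWE-434): any name, any type, straight into the
    web root. basename() is kept so this demo isolates the type problem rather
    than path traversal; a .cgi or .sh dropped here runs on the next request."""
    dest = os.path.join(WEB_ROOT, os.path.basename(filename))
    with open(dest, "wb") as fh:
        fh.write(data)
    return dest


def save_upload_hardened(filename: str, data: bytes) -> str:
    """Hardened handler: allow-list the extension, verify the content matches
    it, cap the size, and store under a server-chosen random name outside the
    web root. The returned path is the only handle the caller gets."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload exceeds size limit")
    name = os.path.basename(filename)
    if not name or "\x00" in name:
        raise UploadRejected("malformed file name")
    # Judge only the final suffix, so "cert.pem.cgi" is treated as .cgi; an
    # accepted suffix is then cross-checked against the bytes, so "shell.png"
    # that actually holds a shell script is refused as well.
    ext = os.path.splitext(name)[1].lower()
    magics = ALLOWED_TYPES.get(ext)
    if magics is None:
        raise UploadRejected(f"extension {ext!r} not permitted")
    if not any(data.startswith(m) for m in magics):
        raise UploadRejected("content does not match declared type")
    dest = os.path.join(UPLOAD_DIR, secrets.token_hex(16) + ext)
    # O_EXCL: never overwrite an existing object, even on a name collision.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


def hardened_accepts(filename: str, data: bytes) -> bool:
    """Convenience wrapper: True if the hardened handler stored the file."""
    try:
        save_upload_hardened(filename, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    script = b"#!/bin/sh\nid > /tmp/pwned\n"          # constructed payload
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32         # constructed PNG header
    print("unrestricted stored", save_upload_unrestricted("shell.cgi", script))
    for name, body in [("logo.png", png), ("shell.cgi", script),
                       ("shell.png", script), ("cert.pem.cgi", script)]:
        verdict = "accepted" if hardened_accepts(name, body) else "rejected"
        print(f"hardened {name}: {verdict}")
```

The two handlers differ in where trust is placed: the vulnerable one lets the client decide both the name and, implicitly, how the server will later treat the file; the hardened one derives the type from a server-side allow-list, confirms the bytes agree with it, and discards the client's name entirely.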
Technical Details
– CVE ID: CVE-2018-4063
– Description: Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability.
– Vulnerability Name: Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
– Related CWE: CWE-434
Authentication is the only barrier to exploitation, and in practice it is a weak one: attackers routinely gain access with default or weak credentials. Once inside, they can establish persistent access on the router and use it as a foothold to move laterally into the network behind it.
End-of-Life Risks and Mitigation
A critical aspect of this alert is the status of the affected hardware. CISA notes that the affected Sierra Wireless AirLink products may be End-of-Life (EoL) or End-of-Service (EoS), meaning the vendor no longer releases security updates for them. For such devices the standard advice to patch immediately cannot be followed, because no patch will be forthcoming; CISA therefore advises users to discontinue use of these products.
Continued use of EoL hardware leaves networks exposed to known exploits that cannot be remediated by a software update. Under Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies must remediate every KEV entry by its due date, which for these devices means removing them from their infrastructure.
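The practical task behind this advice is to find every affected device you own and decide whether it gets a vendor fix or gets retired. The following added example (not a CISA tool) cross-references a device inventory against the KEV feed, which CISA publishes as JSON at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json, and flags each hit as overdue or not against the catalog's dueDate. The two-entry catalog and the inventory below are constructed stand-ins so the script runs offline; the dueDate and notes values for CVE-2018-4063 are placeholders, the CVE-2099-0001 entry is fictitious, and the `assess` function and its field names are this example's own.

```python
"""
Cross-check a device inventory against the CISA KEV catalog. Example code
added for this article, not a CISA tool. The real feed lives at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
(load it with load_kev); KEV_SAMPLE and INVENTORY_SAMPLE below are constructed
so the script runs offline. Due dates and notes are placeholders.
"""
import json
from datetime import date

KEV_SAMPLE = {
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2018-4063",
            "vendorProject": "Sierra Wireless",
            "product": "AirLink ALEOS",
            "vulnerabilityName": "Sierra Wireless AirLink ALEOS Unrestricted "
                                 "Upload of File with Dangerous Type Vulnerability",
            "dateAdded": "2025-01-01",       # placeholder
            "dueDate": "2025-01-22",         # placeholder
            "requiredAction": "Apply mitigations per vendor instructions or "
                              "discontinue use of the product if mitigations "
                              "are unavailable.",
            "notes": "Affected product may be End-of-Life (EoL) or "
                     "End-of-Service (EoS); users should discontinue use. "
                     "(constructed placeholder text)",
        },
        {   # fictitious entry so the 'apply mitigation' path is exercised
            "cveID": "CVE-2099-0001",
            "vendorProject": "ExampleCo",
            "product": "Widget",
            "vulnerabilityName": "ExampleCo Widget Example Vulnerability",
            "dateAdded": "2025-02-01",
            "dueDate": "2025-03-01",
            "requiredAction": "Apply updates per vendor instructions.",
            "notes": "",
        },
    ],
}

# Constructed asset inventory; 'eol' is what your CMDB says about support.
INVENTORY_SAMPLE = [
    {"host": "site-a-gw", "vendor": "Sierra Wireless", "product": "AirLink ALEOS", "eol": True},
    {"host": "site-b-gw", "vendor": "Sierra Wireless", "product": "AirLink ALEOS", "eol": False},
    {"host": "core-sw1", "vendor": "ExampleCo", "product": "Widget", "eol": False},
]


def load_kev(path: str) -> dict:
    """Parse a downloaded copy of the KEV JSON feed."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def _norm(s: str) -> str:
    return " ".join(s.lower().split())


def discontinue_advised(entry: dict) -> bool:
    """CISA signals EoL products in the entry's notes/requiredAction text."""
    text = _norm(entry.get("notes", "") + " " + entry.get("requiredAction", ""))
    return "discontinue" in text or "end-of-life" in text or "(eol)" in text


def assess(kev: dict, inventory: list, today: str) -> list:
    """Return one finding per (device, KEV entry) match, sorted by host.
    Match on exact vendor and either product string containing the other,
    since inventories rarely spell products exactly as the catalog does."""
    findings = []
    now = date.fromisoformat(today)
    for dev in inventory:
        dv, dp = _norm(dev["vendor"]), _norm(dev["product"])
        for entry in kev["vulnerabilities"]:
            kp = _norm(entry["product"])
            if _norm(entry["vendorProject"]) != dv or not (kp in dp or dp in kp):
                continue
            retire = dev.get("eol", False) or discontinue_advised(entry)
            findings.append({
                "host": dev["host"],
                "cve": entry["cveID"],
                "due": entry["dueDate"],
                "overdue": now > date.fromisoformat(entry["dueDate"]),
                "action": "discontinue use and replace" if retire else "apply vendor mitigation",
            })
    return sorted(findings, key=lambda f: (f["host"], f["cve"]))


if __name__ == "__main__":
    for f in assess(KEV_SAMPLE, INVENTORY_SAMPLE, today="2025-02-01"):
        flag = "OVERDUE" if f["overdue"] else "open"
        print(f"{f['host']:10} {f['cve']:15} due {f['due']} [{flag}] -> {f['action']}")
```

Note that the EoL decision is taken from two sources: your own inventory's support status and the wording of the catalog entry itself. A device the vendor still supports may get a firmware update; one flagged EoL on either side has only the removal path.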
Broader Implications
This development underscores the importance of proactive vulnerability management and the risk of keeping unsupported hardware in service. Organizations should inventory their network infrastructure, identify any EoL devices, and replace them with supported alternatives to maintain a robust security posture.