Number: AL16-014
Date: 29 June 2016
Purpose
CORRECTION: The vendor has not yet published or registered an official vulnerability report. As this vulnerability has already been published, it is provided herein for awareness and mitigation if necessary.
The purpose of this advisory is to bring attention to vulnerabilities in the Sierra Wireless AirLink Raven XE Industrial 3G Gateway.
Assessment
CCIRC is aware of critical vulnerabilities in the Sierra Wireless AirLink Raven XE Industrial 3G Gateway. These vulnerabilities are remotely exploitable and could allow an attacker to gain privileged access to the device or cause other issues detailed in the reference below.
Vulnerability - Affected Version(s):
- Weak Credential Management - Raven XE HSPA, GX400
- CSRF Vulnerability - All Raven XE/XT models
- Sensitive Information Leakage (Ace Manager) - All Raven XE/XT models
- Unauthenticated Access – All Raven XE/XT models
Note: The Raven XE/XT devices are past end of life and will not receive firmware updates to address these issues.
Suggested Action
CCIRC recommends that system owners enact their organization's life-cycle process for affected devices, and test/deploy replacement solutions. To aid with mitigation of the vulnerabilities, the recommendations from Sierra Wireless below should be followed.
Sierra Wireless recommends:
- Customers should change all the default passwords on equipment they purchase, especially for interfaces that are enabled on public networks. Sierra Wireless also recommends that customers use the firewall configuration options to disable these interfaces on the cellular WAN interface.
- Port forwarding should never be enabled to unauthenticated or otherwise insecure interfaces on the LAN side of the gateway.
- The Ace Manager interface should be disabled on the cellular WAN connection.
References
Seclists.org – http://seclists.org/fulldisclosure/2016/Jun/60