Alert - Sierra Wireless AirLink Raven XE Industrial 3G Gateway - Multiple Vulnerabilities Reported (UPDATE)

Number: AL16-014
Date: 29 June 2016

Purpose

CORRECTION: The vendor has not yet published or registered an official vulnerability VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations. report. As this vulnerability has already been published, it is provided herein for awareness and mitigation if necessary.

The purpose of this advisory is to bring attention to vulnerabilities in the Sierra Wireless AirLink Raven XE Industrial 3G Gateway GatewayAn intermediate system that is the interface between two computer networks. A gateway can be a server, firewall, router, or other device that enables data to flow through a network. .

Assessment

CCIRC is aware of critical vulnerabilities in the Sierra Wireless AirLink Raven XE Industrial 3G Gateway.  These vulnerabilities are remotely exploitable and could allow an attacker to gain privileged access to the device or cause other issues detailed in the reference below.

Vulnerability - Affected Version(s):

  • Weak Credential Management - Raven XE HSPA, GX400
  • CSRF Vulnerability – All Raven XE/XT models
  • Sensitive Information Leakage – Ace Manager All Raven XE/XT models
  • Unauthenticated Access – All Raven XE/XT models

Note: The Raven XE/XT devices are past end of life and will not receive firmware updates to address these issues.

Suggested Action

CCIRC recommends that system owners enact their organization's life-cycle process for affected devices, and test/deploy replacement solutions.  To aid with mitigation of the vulnerabilities, the recommendations from Sierra Wireless below should be followed.

Sierra Wireless recommends:

  1. Customers should change all the default passwords on equipment they purchase, especially for interfaces that are enabled on public networks. They also recommend that customers use the firewall configuration options to disable these interfaces on the cellular WAN interface.
  2. Port forwarding should never be enabled to unauthenticated or otherwise insecure interfaces on the LAN side of the gateway.
  3. The Ace Manager interface should be disabled on the cellular WAN connection.

References

Seclists.org – http://seclists.org/fulldisclosure/2016/Jun/60

Date modified: