eLynx Security Alert - 2017-001: Multiple Sierra Wireless AirLink Raven XE and XT Vulnerabilities
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a security alert and a follow-up advisory for Sierra Wireless AirLink Raven XE and XT Wireless Gateways, which contain multiple critical security vulnerabilities.
These modems were sold to customers for use on the AT&T and Verizon eLynx monitoring network. Modems with private IP (Internet Protocol) addresses and modems with public IP addresses are both vulnerable; however, there is a greater risk to modems on the public-facing internet, as they do not benefit from our private network security architecture.
IMPROPER AUTHORIZATION - CVE-2017-6044 - CVSS 10
Several files and directories can be accessed without authentication, which may allow a remote attacker to perform sensitive functions including arbitrary file upload, file download, and device reboot.
CROSS-SITE REQUEST FORGERY - CVE-2017-6042 - CVSS 8.8
Affected devices do not verify whether a request was intentionally sent by the logged-in user, which may allow an attacker to trick a client into making an unintentional request to the web server that will be treated as an authentic request.
INSUFFICIENTLY PROTECTED CREDENTIALS - CVE-2017-6046 - CVSS 4.3
Sensitive information is insufficiently protected during transmission and vulnerable to sniffing, which could lead to information disclosure.
- Remotely apply a new firmware version provided by Sierra Wireless to address the most serious vulnerabilities as soon as we are able.
- Continue to change hardcoded default passwords to enhance their security posture.
- Do we need to do anything?
No – eLynx technical support is being proactive on your behalf. You do not need to contact support unless there are special circumstances.
- When will the remote update occur?
We will start updating modems on 05/08/2017, although the first few weeks will be spent identifying the model/type so that the correct firmware is applied.
- Is there a cost for this remote modem update?
No – being proactive about our combined security posture is part of the eLynx monitoring package.
- Can we update the firmware ourselves?
Yes – firmware updates are easy to apply and very low risk. Please notify eLynx technical support if you choose to update so we don’t overwrite your update and cause a secondary communication outage. Modems must be updated by 5/5/17.
Firmware and instructions are in the Sierra Wireless notice provided above.
- What happens during a firmware update?
The firmware update process takes anywhere from 5-30 minutes to complete – during that time communication will be down and data may not be recorded in the eLynx system.
- Is there a risk of doing this firmware update?
There is a very low risk of the modem/gateway being “bricked” and non-functional if the update process fails. In our experience over the last 14 years with these types of updates only 1 device has failed due to an update.
eLynx technical support will be proactive and treat the issue as critical if a device fails during the update process.
- Can we opt out of modem updates?
No - modems must be updated either by you or us.
- Why does eLynx require these modems to be updated?
The security issues identified above are deemed critical – the integrity of your data and our network is endangered if these modems are hacked and become part of a “bot” network. Previous botnets have increased our telecom cost substantially – we need to be proactive to protect both of us.
- Who owns the modem?
The modem is owned by you, the customer.