CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation

A critical vulnerability affecting Sierra Wireless routers has been added to its Known Exploited Vulnerabilities (KEV) catalog.

This decision comes after evidence emerged that the flaw is being actively exploited in the wild. Posing significant risks to organizations that still utilize these legacy devices.

Federal agencies and private organizations are now urged to take immediate action to secure their networks against this specific threat.

The vulnerability, tracked as CVE-2018-4063, impacts the Sierra Wireless AirLink ALEOS operating system. It is described as an “Unrestricted Upload of File with Dangerous Type” flaw.

CVE ID	CVE-2018-4063
Description	Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability.
Vulnerability Name	Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability
Related CWE	CWE-434

Security researchers have determined that the issue allows an authenticated attacker to exploit the web server. By sending a specially crafted HTTP request, a threat actor can upload malicious files directly to the device.

Once a malicious file is uploaded, it can result in the execution of arbitrary code on the web server. This Remote Code Execution (RCE) capability effectively gives attackers control over the compromised router.

Although the vulnerability requires authentication to trigger, attackers often exploit it in combination with weak or default credentials to gain initial access.

The severity of this flaw is compounded by the fact that it allows for persistent access and potential lateral movement within a network.

End-of-Life Risks and Mitigation

A critical aspect of this alert is the status of the impacted hardware. CISA has noted that the affected Sierra Wireless AirLink products may be End-of-Life (EoL) or End-of-Service (EoS).

This means the vendor is likely no longer releasing security updates or patches for these devices. Consequently, the standard advice to “patch immediately” is not applicable here. Instead, CISA strongly advises users to discontinue using these products.

Continued use of EoL hardware leaves networks exposed to known exploits that cannot be remediated through software updates.

Federal Civilian Executive Branch (FCEB) agencies have been given a strict deadline to remove these devices from their infrastructure to comply with Binding Operational Directive (BOD) 22-01.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation appeared first on Cyber Security News.