
CISA Adds Actively Exploited Sierra Wireless ALEOS Vulnerability to KEV Catalog
On December 6, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2018-4063 to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability affects Sierra Wireless AirLink ALEOS routers and is described as an unrestricted file upload vulnerability that allows for remote code execution (RCE). The CVSS score for this vulnerability is reported as either 8.8 or 9.9, indicating a high to critical severity level. The vulnerability is actively exploited and affects unpatched versions of ALEOS.

Unrestricted file upload vulnerabilities are particularly dangerous as they allow attackers to upload malicious files to a server without proper validation, leading to potential RCE. In the context of Sierra Wireless AirLink routers, which are commonly used in industrial and enterprise environments for cellular connectivity, this vulnerability poses a significant threat. Attackers exploiting this vulnerability can gain complete control over the affected device, install malware, steal data, or use the router as a pivot point to attack other devices on the network.

The addition of CVE-2018-4063 to CISA's KEV catalog underscores the ongoing threat posed by unpatched systems and the importance of regular software updates and patch management. Organizations using Sierra Wireless AirLink ALEOS routers should immediately check if their devices are running unpatched versions of ALEOS and apply the necessary updates. As a temporary mitigation, organizations can segment their network to limit the exposure of these routers to untrusted networks and implement monitoring to detect any unusual activity on these devices.

From a cybersecurity perspective, the active exploitation of this vulnerability makes it a high priority for patching and mitigation efforts. The discrepancy in the CVSS score (8.8 or 9.9) should be clarified from the source to accurately assess the severity level. However, regardless of the exact score, the fact that this vulnerability is being actively exploited highlights the urgent need for organizations to address this issue.