The severity of these vulnerabilities varies, with one classified as critical, nine as high, and eleven as medium. They encompass a range of threats, including remote code execution (RCE), cross-site scripting (XSS), denial-of-service (DoS), unauthorized access, and authentication bypasses. These vulnerabilities could be exploited to control vulnerable devices, conduct credential theft, crash management applications, and facilitate adversary-in-the-middle (AitM) attacks.
Moreover, these flaws could be weaponized by botnet malware for automatic propagation, communication with command-and-control servers, and launching DDoS attacks using the affected machines. Fixes have been issued in ALEOS 4.17.0 (or ALEOS 4.9.9) and OpenNDS 10.1.3. However, TinyXML, another affected component, is no longer actively maintained, so its flaws have to be addressed downstream by the affected vendors.
Forescout emphasizes the potential for these vulnerabilities to be exploited for network disruption, espionage, lateral movement, and further malware deployment, particularly in critical infrastructure. The vulnerabilities are likened to open windows for bad actors, including state-sponsored entities and cybercriminals, who could use routers for persistence, espionage, residential proxies, or recruitment into botnets.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.