Alert Details

Computer Network Defence Alert State

 

Radar Page

The Computer Network Defence Alert State is designed to give a more granular and dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

 

 

Current Alerts

Splunk

Splunk has acknowledged a vulnerability in Splunk Enterprise, which can be exploited by malicious people to cause a DoS.


SCADA

A buffer overflow vulnerability has been identified in Advantech WebAccess.


The latest software update for SIMATIC WinCC fixes two critical vulnerabilities. One could allow unauthenticated remote code execution.


Solaris

Multiple security vulnerabilities have been corrected in Solaris.


SuSE

Multiple security patches have been published for SuSE.

IBM

A security vulnerability exists in the IBM SDK for Java that is shipped with IBM Tivoli/Security Directory Integrator.


 

Fixes are available for security vulnerabilities in CKEditor that affect IBM iNotes. The Preview Plugin for CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.


F5

F5 has published fixed software for the SSL BREACH vulnerability in their products. This category of vulnerability was first reported in 2012.


SCADA (alert state falling, level 2)

There is a public report of a buffer overflow vulnerability with proof-of-concept (PoC) exploit code affecting Advantech AdamView. The vulnerability is caused by incorrect sanitization of input parameters.


 

There is also a public report concerning a command injection vulnerability with proof-of-concept (PoC) exploit code affecting Advantech EKI-6340. The vulnerability is caused by incorrect sanitization of input parameters.


Ubuntu

Ubuntu has released updates for Oxide to fix vulnerabilities that could be exploited by tricking a user into opening a crafted website. A remote attacker could cause a DoS or RCE.


Android

There is a vulnerability in Android versions below 5.0 that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances.


Microsoft

Microsoft has released an out-of-cycle patch for Kerberos KDC that could allow an attacker to elevate unprivileged domain user account privileges to those of the domain administrator account. An attacker could use these elevated privileges to compromise any computer in the domain, including domain controllers.


 

MS14-066 was also updated today to fix some of the issues previously discussed with the introduction of the additional TLS cipher suites. Folks running Server 2008 R2 and Server 2012 are urged to reinstall.



Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


 

Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories

http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/