Alert Details


Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a more granular and dynamic visualisation of the current security threat. An increase in alert state will occur immediately upon detection of a new threat, and the state will drop again by one level each working day. The rationale is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Current Alerts

FreeBSD (Alert Level 2)

A vulnerability was reported in FreeBSD telnetd. A remote user can supply specially crafted parameters to trigger a memory error and cause the target telnetd process to invoke the login(1) function with ostensibly restricted arguments. A remote user may be able to exploit this to bypass login authentication on the target system.

More info.

They also updated libc to address a previously reported vulnerability. More info.

Auto (Alert Level 2)

A vulnerability was identified in the Gateway ECU in Tesla Motors Inc.’s (Tesla) Model S automobile. The vulnerability allows the vehicle’s software and driving functions to be controlled remotely through the web browser, which must be launched or already running from a previous launch. This allows attackers to gain access to the vehicle’s CAN bus through a firmware validation flaw in the Gateway ECU of the vehicle.
More info.

SCADA (Alert Level 2)

A command injection vulnerability has been identified in Locus Energy’s LGate application. The vulnerability could allow an attacker to take control of an LGate that has its web server port publicly exposed.
More info.

The operating system used by the ABB Relion 670 series (VxWorks) has a weakness in the random number generator of the TCP implementation that may allow remote attackers to predict the correct TCP ISN (Initial Sequence Number) from previous values. This vulnerability could be exploited remotely. Successful exploitation of this vulnerability may allow an attacker to spoof or disrupt TCP connections of the affected products.
More info.
The Relion 650 series is affected too. More info.

HP (Alert Level 2)

A security vulnerability in the DES/3DES block ciphers could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. This vulnerability could be exploited remotely, resulting in disclosure of information.
More info.

F5 (Alert Level 2)

F5 has published several bulletins listing vulnerabilities affecting their BIG-IP, Traffix SDC, and BIG-IQ products.
More info.

Huawei (Alert Level 2)

There is a Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the FRP function, an attacker can enter some functional modules without authorization and perform operations to update the Google account. As a result, the FRP function is bypassed.
More info.

EMC

EMC RecoverPoint Multiple Vulnerabilities
More info.

UPDATE:
EMC Data Domain DD OS Multiple Vulnerabilities. See bulletin linked above.

Android

The monthly security bulletin for Android is out, with 6 Critical, 22 High, and 12 Moderate vulnerabilities.

More info.

Misc

Sony IPELA Engine IP Cameras contain multiple backdoors. Those backdoor accounts allow an attacker to run arbitrary code on the affected IP cameras. An attacker can use the cameras to gain a foothold in a network and launch further attacks.

More info.

Network

NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.
More info.

UPDATE:
Other NetApp vulnerabilities were published yesterday as well. More info.


Alert Definitions

NORMAL: This alert state represents the normal level of security with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW: This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal. Inclusion of this level is for viewers who don't monitor this alert system regularly.

INCREASED: This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH: This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES: This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT: This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO: This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


 


Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/