Alert Details


Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state will occur immediately upon detection of a new threat, and the state will drop again by one level each working day. The rationale is that vulnerabilities often occur in clusters; reducing the alert state again quickly will therefore increase your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Current Alerts

Novell

A patch is now available for NetIQ Privileged Account Manager to provide an upgrade of OpenSSL to eliminate potential security vulnerabilities.

More info.

BIND

A malformed query response received by a recursive server in response to a query of RTYPE ANY could trigger an assertion failure while named is attempting to add the RRs in the query response to the cache.  3 other assertion failure vulnerabilities were listed as well.
More info.

SuSE has updated.  More info.
OpenSUSE has updated.  More info.
Debian has updated.  More info.
Ubuntu has updated.  More info.

UPDATE:
F5 has published bulletins.  More info.

Juniper

Juniper Patch Day, 7 patches covering DoS of JunOS, OpenSSH updates in NSM, ethernet packet information leak, multiple vulnerabilities in Junos Space.
More info.

Adobe

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
More info.

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
More info.

Microsoft published a patch.  More info.
RedHat has updated.  More info.

UPDATE:
Gentoo Linux has updated.  More info.

FreeBSD

FreeBSD has put out an OpenSSH update.
More info.

SCADA

Advantech's WebAccess contains vulnerabilities which allow Authentication Bypass and SQL Injection. Successful exploitation of this authentication bypass vulnerability could allow an attacker to access pages unrestricted; the SQL injection condition may allow remote code execution.

More info.

Carlo Gavazzi's VMU-C EM and VMU-C PV contain Access Control Flaws, CSRF, and Sensitive Information Stored In Clear Text. Successful exploitation of these vulnerabilities could allow the attacker to execute configuration parameter changes and save the modified configuration.
More info.

Microsoft

Microsoft Patch Day includes 4 bulletins, 2 marked Critical allowing remote code execution.  Updates include Edge, Office, Adobe Flash Player, and Local Security Authority Subsystem Service.

More info.

HP

A security vulnerability in the DES/3DES block ciphers used in the TLS protocol, also known as the SWEET32 attack, could potentially impact HPE SiteScope, resulting in remote disclosure of information.

More info.

Potential security vulnerabilities have been identified and addressed in HPE Helion Eucalyptus. These vulnerabilities could be exploited remotely to allow unauthorized access, modification and/or unauthorized disclosure of information.
More info.

BlueCoat

Blue Coat products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities.  A remote attacker can modify the target’s system time, prevent the target from synchronizing its time, cause denial of service through NTP daemon crashes, perform DDoS attack amplification, and evade security monitoring in the NTP daemon.
More info.

Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product.  The next stage above this level is 2, however falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 

Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/