Alert Details

Computer Network Defence Alert State
The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.


Current Alerts

SCADA

A DLL hijacking vulnerability has been identified in Schneider Electric's OPC Factory Server (OFS) server application. Exploitation of DLL hijack vulnerabilities can crash the system and possibly give an attacker access to the system with the same privilege level as the application that loads the malicious DLL.

More info.

Emerson Process Management has identified an SQL injection vulnerability in its AMS Device Manager application.  The vulnerability allows privilege escalation by an anonymous user that can result in access to administrative functions of the application.  This was originally announced in April.

More info.

Multiple vulnerabilities have been identified in OleumTech's WIO family, including the sensors and the DH2 data collector. These vulnerabilities could be exploited remotely. This update fixes a vulnerability originally publicized nearly a year ago.

More info.

SuSE

python-PyYAML was updated to fix one security issue which could have allowed an attacker to cause a denial of service by supplying specially crafted strings.

Also, KVM was updated to fix several security issues, including one which allowed remote attackers to cause a denial of service (crash) via a large L2 table.

More info.

OpenSUSE updated KVM as well.  More info.

SSL/TLS

A nifty new name for a TLS vulnerability:  LogJam.

Several weaknesses have been identified in Diffie-Hellman key exchange, affecting TLS. All web browsers, and some email servers, are vulnerable. (But the test said my browser was safe.) Websites, mail servers, and other TLS-dependent services that support DHE_EXPORT ciphers are at risk from the Logjam attack.

The most recent version of OpenSSH prefers Elliptic-Curve Diffie-Hellman Key Exchange.

More info.

UPDATE:  We're carrying this one another round, as vendors are just starting to react.

F5 doesn't know yet whether they're vulnerable.  More info.

Citrix put out a bulletin as well.  More info.

Cisco

A vulnerability in the Representational State Transfer (REST) application programming interface (API) of the Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

More info.

A vulnerability in the web framework of Cisco Security Manager could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack against the web interface.  This one has an update.

More info.

Cisco

A vulnerability in the Protocol Independent Multicast (PIM) application of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to disrupt multicast traffic forwarding on the affected device via a denial-of-service (DoS) attack.

More info.

Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will pass through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal. This level is included for viewers who don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

Useful Links

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/