Alert Details


Computer Network Defence Alert State

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state for a product is raised immediately when a new threat is detected and drops by one level on each subsequent working day. The rationale is that vulnerabilities often occur in clusters, so bringing the alert state back down quickly increases your visibility of new threats to the same product. The radar page should therefore be viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC; significant vulnerabilities may be held at a raised level for longer. The vulnerabilities on this page are predominantly remotely exploitable; very few local-only exploits will be shown.


Current Alerts

DNS

Web Proxy Auto-Discovery (WPAD) Domain Name System (DNS) queries that are intended for resolution on private or enterprise DNS servers have been observed reaching public DNS servers. In combination with the New generic Top Level Domain (gTLD) program’s incorporation of previously undelegated gTLDs for public registration, leaked WPAD queries could result in domain name collisions with internal network naming schemes. Collisions could be abused by opportunistic domain registrants to configure an external proxy for network traffic, allowing the potential for man-in-the-middle (MitM) attacks across the Internet.
More info.
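As an added example (not part of this alert or of the site), the following Python scans a resolver query log for WPAD lookups that escaped to public resolvers, and for WPAD names that are not under a domain the organisation owns and could therefore be registered by someone else once the TLD is delegated. The log line format, resolver addresses and domain names are constructed assumptions; adapt LOG_RE to the query log your resolver actually writes.

```python
"""Detect WPAD DNS lookups that escape to public resolvers.

Added example (not part of the original alert). The log line format,
resolver addresses and domain names below are constructed for
illustration; adapt LOG_RE to your resolver's actual query log.
"""
import ipaddress
import re

# Assumed: the organisation's own resolvers, and the public domains it
# actually owns (names under these cannot be registered by a third party).
INTERNAL_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
OWNED_DOMAINS = ("example.com",)

# Assumed log format: "<client> -> <resolver> query: <qname> IN <qtype>"
LOG_RE = re.compile(
    r"^(?P<client>\S+) -> (?P<resolver>\S+) query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)$"
)


def classify(line):
    """Return [(client, qname, resolver, reason), ...] for one log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    qname = m["qname"].rstrip(".").lower()
    if qname.split(".")[0] != "wpad":
        return []  # only WPAD lookups are interesting here
    try:
        resolver = ipaddress.ip_address(m["resolver"])
    except ValueError:
        return []  # resolver field is not an address; skip rather than guess

    reasons = []
    # A WPAD query answered outside the enterprise is a leak: whoever
    # controls the public name can hand the client a proxy to use.
    if m["resolver"] not in INTERNAL_RESOLVERS and resolver.is_global:
        reasons.append("wpad query sent to public resolver")
    # Names not under a domain the organisation owns are registrable by
    # anyone once the TLD is delegated: a collision risk even without a leak.
    if not any(qname == d or qname.endswith("." + d) for d in OWNED_DOMAINS):
        reasons.append("wpad name not under an owned domain (collision risk)")
    return [(m["client"], qname, m["resolver"], r) for r in reasons]


def scan(lines):
    """Run classify over many log lines and collect every finding."""
    findings = []
    for line in lines:
        findings.extend(classify(line))
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "10.1.2.3 -> 10.0.0.53 query: wpad.corp.example.com IN A",
    "10.1.2.4 -> 8.8.8.8 query: wpad.corp.example.com IN A",
    "10.1.2.5 -> 8.8.8.8 query: wpad.finance.corp IN A",
    "10.1.2.6 -> 10.0.0.53 query: www.example.com IN A",
]

if __name__ == "__main__":
    for client, qname, resolver, reason in scan(SAMPLE_LOG):
        print(f"{client} {qname} via {resolver}: {reason}")
```

The second sample line is a leak of a name nobody else can register (still worth fixing, since the public resolver now sees the query); the third is the case the alert is about, where the name itself is up for grabs.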

Linux

Two flaws were found in the way the Red Hat Enterprise Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or to cause a denial of service in applications using the edge-triggered epoll functionality.

More info.

Oracle Linux has published 3 kernel security bulletins.
More info.

SCADA

Information disclosure vulnerabilities in SIPROTEC 4 and SIPROTEC Compact devices could allow an attacker to extract sensitive device information under certain conditions.
More info here and here.

Lenovo

Vulnerabilities were identified in Android SHAREit versions lower than 3.5.98_ww. They affect only users running older Android OS versions (4.2, 4.4 or earlier), who may be exposed to remote code execution, an intent-scheme URL attack or a universal cross-site scripting (UXSS) attack.
More info.

Cisco

A vulnerability in the Local Packet Transport Services (LPTS) network stack of Cisco IOS XR for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform.

More info.

Huawei

The Wi-Fi driver of some Huawei products has two buffer overflow vulnerabilities caused by a missing parameter check. An attacker who tricks a user into installing a malicious application can have that application pass crafted parameters to the Wi-Fi driver to crash the system or escalate privileges.

More info.

Some Huawei smartphones have an information leak vulnerability due to improper security status verification. An attacker may use a rogue base station to obtain information about subscribers' signal strengths.
More info.

Network

Nessus is potentially impacted by several vulnerabilities in OpenSSL that were recently disclosed and fixed.
More info.

The pfSense firewall contains a vulnerability in its filterlog daemon. A deliberately malformed TCP SYN packet carrying TCP option 20 (0x14) can crash filterlog with a segmentation fault, after which all logging of packets matched by firewall rules ceases.
More info.
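As an added example (not pfSense or filterlog code), here is a bounds-checked TCP option parser in Python. The alert states only that a malformed option 20 (0x14) crashes filterlog, so the specific malformation used below, a length byte of 0 or one that runs past the end of the options block, is an assumption chosen to show the class of bug; the packets are constructed. A parser that trusts the option length byte reads past the buffer (a segmentation fault in C) or, with a length of 0, never advances.

```python
"""Bounds-checked TCP option parsing.

Added example, not code from pfSense or filterlog. The option blocks and
SYN header below are constructed; the exact trigger that crashes
filterlog is not given in the alert, so a bad length byte on option 20
is an assumption used to illustrate the class of bug.
"""
import struct

EOL, NOP = 0, 1


def parse_tcp_options(opts):
    """Parse a TCP options block into [(kind, value_bytes), ...].

    Raises ValueError on any option whose length byte is missing,
    smaller than 2, or runs past the end of the block. Every read of
    opts[] is guarded by a check against len(opts) first.
    """
    out = []
    i, n = 0, len(opts)
    while i < n:
        kind = opts[i]
        if kind == EOL:
            break                      # End of Option List: stop parsing
        if kind == NOP:
            i += 1                     # single-byte padding
            continue
        if i + 1 >= n:
            raise ValueError(f"option kind {kind} at offset {i}: length byte missing")
        length = opts[i + 1]
        if length < 2:
            # length 0 would never advance i (infinite loop); 1 overlaps itself
            raise ValueError(f"option kind {kind} at offset {i}: length {length} < 2")
        if i + length > n:
            raise ValueError(f"option kind {kind} at offset {i}: length {length} "
                             f"exceeds block ({n - i} bytes left)")
        out.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return out


def tcp_options_from_header(tcp_header):
    """Slice the options block out of a TCP header using its data-offset field."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError(f"bad data offset {data_offset}")
    return tcp_header[20:data_offset]


def build_syn_header(opts):
    """Constructed minimal SYN header (ports, seq, flags; checksum left 0)."""
    opts = opts + b"\x00" * (-len(opts) % 4)          # pad to 32-bit boundary
    data_offset = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0,
                       data_offset << 4, 0x02, 65535, 0, 0) + opts


def check(opts):
    """Return ('ok', parsed) or ('malformed', reason) without raising."""
    try:
        return ("ok", parse_tcp_options(opts))
    except ValueError as e:
        return ("malformed", str(e))


# Constructed options blocks.
GOOD_SYN_OPTS = bytes([2, 4, 0x05, 0xb4,    # MSS 1460
                       1,                   # NOP
                       3, 3, 7,             # window scale 7
                       1, 1, 4, 2])         # NOP, NOP, SACK permitted
BAD_OPT20_ZERO_LEN = bytes([2, 4, 0x05, 0xb4, 20, 0])   # option 20, length 0
BAD_OPT20_OVERRUN = bytes([20, 0x20, 0x01, 0x02])       # claims 32 bytes, 4 present

if __name__ == "__main__":
    for name, blk in [("good", GOOD_SYN_OPTS), ("zero-len", BAD_OPT20_ZERO_LEN),
                      ("overrun", BAD_OPT20_OVERRUN)]:
        print(name, check(tcp_options_from_header(build_syn_header(blk))))
```

Note that the header-level check on the data-offset field matters as much as the per-option checks: a data offset larger than the captured header is the same out-of-bounds read one level up.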

Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product. The next stage above this level is 2; falling alerts pass through 1 on the way back to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.
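The ladder described at the top of this page and in these definitions can be replayed mechanically. The following Python is an added example, not the site's own implementation (which is not published): it raises a level immediately on a detection, decays one level at each working-day 1900 UTC cut-off, and holds significant alerts at their level until released. Which days count as working days (Monday to Friday here, ignoring public holidays) and how a hold is released are assumptions; the PATCHES, EXPLOIT and ZERO overlays are not modelled, only the numeric level.

```python
"""Replay of the Computer Network Defence alert-state ladder.

Added example, not the site's own code. Assumptions: working days are
Monday to Friday (public holidays ignored), the cut-off is 19:00 UTC,
and a 'hold' placed on a significant vulnerability blocks decay until
it is explicitly released.
"""
from datetime import datetime, timedelta, timezone

LEVELS = {0: "NORMAL", 1: "LOW", 2: "INCREASED", 3: "HIGH"}
CUTOFF_HOUR = 19  # reductions occur at approximately 1900 UTC


class AlertState:
    def __init__(self):
        self.level = 0
        self.hold = False  # significant vulnerabilities may remain for longer

    def raise_to(self, level, hold=False):
        """A new threat takes effect immediately and never lowers the level."""
        self.level = max(self.level, level)
        self.hold = self.hold or hold

    def release(self):
        """Lift a hold so the one-level-per-working-day decay resumes."""
        self.hold = False

    def decay_once(self):
        """One working-day cut-off: drop a level unless held or already NORMAL."""
        if not self.hold and self.level > 0:
            self.level -= 1


def working_day_cutoffs(start, end):
    """Yield every Mon-Fri 19:00 UTC instant t with start < t <= end."""
    t = start.replace(hour=CUTOFF_HOUR, minute=0, second=0, microsecond=0)
    if t <= start:
        t += timedelta(days=1)
    while t <= end:
        if t.weekday() < 5:  # assumption: Mon-Fri are the working days
            yield t
        t += timedelta(days=1)


def level_at(events, when):
    """Replay events up to `when` and return the numeric level.

    events: list of (datetime, action) where action is
            ("raise", level, hold) or ("release",).
    """
    state = AlertState()
    events = [(t, a) for t, a in events if t <= when]
    if not events:
        return state.level
    start = min(t for t, _ in events)
    timeline = [(t, ("cut",)) for t in working_day_cutoffs(start, when)] + events
    timeline.sort(key=lambda item: item[0])  # stable: cut-offs precede same-instant events
    for _, action in timeline:
        if action[0] == "cut":
            state.decay_once()
        elif action[0] == "raise":
            state.raise_to(action[1], action[2])
        elif action[0] == "release":
            state.release()
    return state.level


def utc(y, m, d, hh, mm=0):
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed scenario: a HIGH detection on a Friday morning (2016-06-03).
DETECTION = [(utc(2016, 6, 3, 10), ("raise", 3, False))]
# Same detection flagged significant, released the following Wednesday.
HELD = [(utc(2016, 6, 3, 10), ("raise", 3, True)),
        (utc(2016, 6, 8, 10), ("release",))]

if __name__ == "__main__":
    for day in range(3, 9):
        t = utc(2016, 6, day, 20)
        print(t.strftime("%a %Y-%m-%d 20:00"),
              LEVELS[level_at(DETECTION, t)], "/ held:", LEVELS[level_at(HELD, t)])
```

Replaying the constructed Friday detection shows why the page asks for a daily look: HIGH on Friday, INCREASED over the weekend, LOW by Monday evening and NORMAL by Tuesday evening, so a viewer who only checks on Wednesday sees nothing.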

 


Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to us by email.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/