Alert Details

Computer Network Defence Alert State

 

Radar Page

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

 

 

Current Alerts

SCADA

Several vulnerabilities were identified in Honeywell’s Experion Process Knowledge System (EPKS) application. Honeywell has produced several patch updates (R400.6, R410.6 and 430.6) that resolve these vulnerabilities.

More info.

 

Innominate Security Technologies has identified a privilege escalation vulnerability affecting all mGuard devices. Innominate has produced a firmware patch that mitigates this vulnerability.

More info.

 

Siemens has published more updates for the Siemens SIMATIC WinCC, PCS7, and TIA Portal vulnerabilities that were originally published December 11, 2014.

More info.

 

Emerson Process Management has produced a patch that mitigates all but the authentication bypass vulnerability in Emerson ROC800 that was published December 2, 2014.

More info.

Network

The Intelligent Platform Management Interface (IPMI) v1.5 implementations in multiple Dell iDRAC releases are vulnerable to arbitrary command injection due to use of insufficiently random session ID values. A remote, unauthenticated attacker can inject arbitrary commands into a privileged session.

More info.

Novell

Novell has published security updates for GroupWise.

More info.

SuSE

SuSE has published updates for the kernel that correct multiple security vulnerabilities.
More info.

F5

A vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack (CPU and memory consumption) on the BIG-IP Configuration utility and the ARX management API.

More info.

Cisco

A vulnerability in Subject header length processing on Cisco IronPort Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a limited denial of service (DoS) condition on an affected platform.

More info.

Novell

Novell has published security updates for NetIQ Access Manager.

More info.

IBM

IBM PSIRT has published 61 new reports of security updates.  Have fun.

More info.

Cisco

A vulnerability in RSVP processing of Cisco IOS XR could allow an unauthenticated, remote attacker to cause a reload of the RSVP process on the affected device.

More info.

 

Cisco Adaptive Security Appliance (ASA) devices configured for WebVPN contain a DOM-based cross-site scripting (XSS) vulnerability within the Portal Login page. An unauthenticated, remote attacker who can convince a user to take a malicious action could perform an XSS attack on the user.

More info.

HP

Potential security vulnerabilities have been identified with the TCP/IP Services for OpenVMS BIND 9 Resolver. These vulnerabilities could be remotely exploited to cause a Denial of Service (DoS) and other vulnerabilities.

More info.

 

Potential security vulnerabilities have been identified with HP OpenVMS POP. The vulnerabilities could be exploited remotely to create a server Denial of Service (DoS).

More info.


Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


 

Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories

http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/