Alert Details

Computer Network Defence Alert State

 

Radar Page

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state rises immediately when a new threat is detected and then drops by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain at an elevated state for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

 

 

Current Alerts

Medical

drchrono Electronic Health Record (EHR) web applications are vulnerable to cross-site scripting (XSS) and cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive patient information. drchrono provides an EHR web application service at drchrono.com, onpatient.com, and possibly other domains.

More info.

BSD

A malicious FTP server can cause the ftp client to execute arbitrary commands.

More info.

OS X

Same issue as the BSD ftp client alert above.

 

IBM

Multiple security vulnerabilities exist in the IBM JRE that is shipped with the Rational Reporting for Development Intelligence (RRDI).

More info.

 

IBM Tivoli Application Dependency Discovery Manager (TADDM) contains a vulnerability that could allow an attacker to steal sensitive information and use it to access the TADDM database.

More info.

 

IBM Business Process Manager uses a mechanism to silently log in users who have previously authenticated themselves. This mechanism is vulnerable to cross-site scripting attacks.

More info.

 

Multiple security vulnerabilities have been identified in the IBM SDK Java embedded within the IBM Virtualization Engine TS7700 microcode image.

More info.

 

An AIX OpenSSL update is available.

More info.

Ubuntu

Several security issues were fixed in PHP.

More info.

Network

Multiple vulnerabilities have been discovered in the Aruba ClearPass product family. One of them, present in all versions of ClearPass prior to 6.3.5 and 6.4.1, may permit an attacker to run arbitrary commands with the privilege level of 'root'.

More info.

Ubuntu

Wget contained a path traversal vulnerability when downloading symlinks using FTP. A malicious remote FTP server or a man in the middle could use this issue to cause Wget to overwrite arbitrary files, possibly leading to arbitrary code execution.

More info.

SCADA

There is an update to a year-old vulnerability in the Nordex NC2 Wind Farm Portal. Nordex is now patching: it will upgrade all wind farms with a valid service contract to the patched version of the NC2-SCADA in coordination with normal maintenance operations. Owners of Nordex NC2-based wind farms without a valid service contract can order the patch from Nordex by contacting their local Nordex service organization.

More info.

 

A reflected cross-site scripting vulnerability was identified in the web interface of the Meinberg Radio Clocks GmbH & Co. KG LANTIME M400. Exploiting it could cause the time server to provide misinformation to devices. Meinberg has produced a firmware update that mitigates this vulnerability in all LANTIME M-Series devices.

More info.

 

Two authentication vulnerabilities have been identified in the web server of the Accuenergy AXM-NET Ethernet module, an accessory for the Acuvim II. The authentication bypass vulnerability allows access to the settings on the Ethernet module's web server interface without authenticating. The password bypass vulnerability allows an attacker to display passwords using JavaScript. A malicious user could create a denial of service for the web server by changing the network settings. Accuenergy has produced a firmware upgrade that mitigates these vulnerabilities.

More info.

Linksys

Linksys EA series routers running the Linksys SMART WiFi firmware contain multiple vulnerabilities. A remote, unauthenticated attacker may be able to read or modify sensitive information on the router.

More info.

F5

Due to PHP 5 vulnerabilities, attackers may be able to cause a denial of service (DoS) or execute arbitrary code. For the potential impact of each vulnerability, refer to the CVE details.

More info.

Fortinet

Prior to version 5.0.7, the web user interface of FortiManager and FortiAnalyzer is vulnerable to multiple reflected cross-site scripting vulnerabilities. A remote unauthenticated attacker may be able to execute arbitrary scripts in the context of an authenticated user's browser session.

More info.

Cisco

The CCM Service interface of the Cisco Unified Communications Manager Server contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system.

More info.

The same applies to the CCM Dialed Number Analyzer interface. More info.

And to the CCM admin interface. More info.

And to the CCM reports interface. More info.

 

Return to the top of the Alert Details Page

Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product. A rising alert goes straight from this level to 2 or above; a falling alert passes through 1 on its way back to normal.

LOW This alert state indicates that an alert was recognised for this product within the last few days but it is now returning to normal. This level is included for viewers who do not monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture because of an emerging threat for which there is currently no exploit, or a reduction in alert state after the product has been at level 3 for more than one working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the vendor having had the opportunity to patch it before the details were made public. These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.
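As an added illustration of the mechanics described in the introduction (immediate rise on detection, one level down per working day at about 1900 UTC) and of the NORMAL/LOW/INCREASED/HIGH definitions above, the following Python models one product's alert state over time. It is example code written for this page, not software from Computer Network Defence. The numeric mapping NORMAL=0 to HIGH=3, the Monday-to-Friday working week, the rule that a 1900 UTC reduction only counts if it falls strictly after the detection, and the `hold` flag standing in for "significant vulnerabilities may remain for longer" are all assumptions; the PATCHES, EXPLOIT and ZERO modifiers are not modelled.

```python
from datetime import date, datetime, time, timedelta, timezone

# Numeric alert levels (assumption: NORMAL..HIGH map to 0..3, following the
# page's "level of 2 or 3" and "falling alerts will go through 1" wording).
NORMAL, LOW, INCREASED, HIGH = 0, 1, 2, 3
LEVEL_NAMES = {NORMAL: "NORMAL", LOW: "LOW", INCREASED: "INCREASED", HIGH: "HIGH"}

# Reductions occur at approximately 1900 GMT/UTC each working day.
REDUCTION_TIME_UTC = time(19, 0)


def _is_working_day(d: date) -> bool:
    # Assumption: working days are Monday to Friday; public holidays are not modelled.
    return d.weekday() < 5


def reduction_ticks(detected_at: datetime, now: datetime) -> int:
    """Count the 1900 UTC working-day reduction points that fall strictly after
    `detected_at` and no later than `now`. Both datetimes must be timezone-aware."""
    detected_at = detected_at.astimezone(timezone.utc)
    now = now.astimezone(timezone.utc)
    ticks = 0
    day = detected_at.date()
    while True:
        tick = datetime.combine(day, REDUCTION_TIME_UTC, tzinfo=timezone.utc)
        if tick > now:
            break
        if tick > detected_at and _is_working_day(day):
            ticks += 1
        day += timedelta(days=1)
    return ticks


def current_level(detected_level: int, detected_at: datetime, now: datetime,
                  hold: bool = False) -> int:
    """Level at `now` for a single threat that raised the state to `detected_level`
    at `detected_at`. `hold=True` models "significant vulnerabilities may remain
    for longer": automatic reductions are suspended while it is set."""
    if hold:
        return detected_level
    return max(NORMAL, detected_level - reduction_ticks(detected_at, now))


def level_from_events(events, now: datetime) -> int:
    """Replay a cluster of detections for one product. Each (detected_at, level)
    event raises the state immediately (never lowers it); decay of one level per
    working day runs between events and after the last one, so a fresh detection
    while the state is still falling shows up as a renewed rise."""
    level, prev = NORMAL, None
    for detected_at, detected_level in sorted(events, key=lambda e: e[0]):
        if prev is not None:
            level = max(NORMAL, level - reduction_ticks(prev, detected_at))
        level = max(level, detected_level)
        prev = detected_at
    if prev is not None:
        level = max(NORMAL, level - reduction_ticks(prev, now))
    return level


if __name__ == "__main__":
    # Constructed example: HIGH raised on a Friday morning, then read back over
    # the following days. Saturday and Sunday produce no reductions.
    detected = datetime(2014, 11, 7, 10, 0, tzinfo=timezone.utc)  # a Friday
    for days, hour in [(0, 18), (1, 12), (3, 12), (3, 20), (4, 20)]:
        now = detected + timedelta(days=days, hours=hour - 10)
        print(now.strftime("%a %Y-%m-%d %H:%M UTC"),
              LEVEL_NAMES[current_level(HIGH, detected, now)])
```

Running the block shows why daily viewing matters: a HIGH raised on Friday morning is INCREASED by Saturday, still INCREASED on Monday morning, LOW after Monday's 1900 UTC reduction and back to NORMAL after Tuesday's, so a reader who only checks on Wednesday never sees it. `level_from_events` shows the clustering case: a second detection for the same product on Monday lifts the state straight back up instead of letting it finish falling.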

 

Return to the top of the Alert Details Page

 

Go to the Radar Page

 

Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to us by email.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories

http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/