Alert Details


Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Current Alerts

Firefox
High
Patch

Mozilla has released critical updates for Firefox and Firefox ESR.

More info.  And here.

Arch Linux has updated.  More info.

SCADA
Increased
New

PHOENIX CONTACT has reported a vulnerability allowing unauthorized access to the WEB-UI on FL NAT SMx. An unauthorized user can get access to the WEB-UI of the device if an authorized IP is used. After login the source IP is used as the session identifier, so that users sharing the same source IP are able to gain full authenticated access to the WEB-UI.

More info.  And here.

Phoenix Contact has published a security advisory for RAD-80211-XD and RAD80211-XD/HPBUSA. The WebHMI utility may be exploited by any logged-in user, allowing the execution of arbitrary OS commands on the server. This provides the opportunity for a command injection attack. CVSSv3 score is 9.9 although this requires local privileges.  This product is EOL.

More info.  And here.

Auto
Increased
New

The Tesla infotainment system is vulnerable to arbitrary code execution.

More info.

Medical
Guarded
+24hr

Improper access control and cleartext transmission of sensitive information vulnerabilities have been reported in Medtronic's proprietary Conexus telemetry system. The vulnerabilities could allow an unauthorized individual (i.e. someone other than a health care professional) to access and potentially change the settings of an implantable device, home monitor or clinic programmer.  Medtronic is conducting security checks to look for unauthorized or unusual activity that could be related to these vulnerabilities.

More info.  Sensationalized news article here.

F5
Guarded
+24hr

F5 has published ten new security advisories, the most severe of which may allow DoS.

More info.

NetApp
Guarded
+24hr

NetApp has published three new bulletins covering 3rd party software in their products.  The bulletins cover GNU C, GNU wget, and PHP.

More info.

OpenBSD
Guarded
+24hr

A state in pf could pass ICMP packets to a destination IP address that did not match the state.

More info.

Linux
Guarded
Update

SUSE has updated the kernel, wireshark, libxml, openssl, and unzip.

More info.

Ubuntu has updated firefox and others.  More info.
Mageia has updated firefox and others.  More info.

UPDATE:
SUSE has updated the kernel, unzip, and others.  More info.
Arch Linux has updated firefox, libssh2, and powerdns.  More info.
CentOS has updated firefox.  More info.
Debian has updated wireshark and apache auth_mellon.  More info.

 


Alert Definitions

Product
Guarded

GUARDED This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.

Product
Increased

INCREASED This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.

Product
High

HIGH This alert state indicates a more serious vulnerability which is exploitable.

Product
Critical

CRITICAL This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

Product
Increased
New

NEW This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

Product
Guarded
+24hr

+24hr This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Product
Increased
Patch

PATCH This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.

Product
High
Exploit

EXPLOIT This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.

Product
Critical
0-Day

ZERO DAY This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.

 


Useful Links

 

These are links our analysts and radar page patrons find useful.  If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/
https://gchq.github.io/CyberChef/

 

Any other comments on our site or the Radar Page are welcome as well!