Alert Details


Computer Network Defence Alert State

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters; reducing the alert state quickly therefore increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

Current Alerts

Apple
High
Patch

Multiple vulnerabilities were reported in Apple iOS. A remote or local user can obtain potentially sensitive information. A local user can obtain elevated privileges on the target system. A remote user can spoof content.

More info.

Several vulnerabilities were reported in Apple Safari. A remote user can obtain potentially sensitive information on the target system. A remote user can spoof content. This fixes the address bar spoof previously reported.
More info.

The Apple Support for iOS app sends analytics data via HTTP. A remote user in a privileged network position can exploit this flaw in the Analytics component to intercept analytics data sent to Apple.
More info.

Apple also released updates for watchOS and tvOS. More info. And here.

Adobe
High
Patch

Adobe is planning to release security updates for Adobe Acrobat and Reader for Windows and macOS on Wednesday, September 19, 2018. These updates will address critical vulnerabilities in the software.

More info.

Chrome
High
Patch

Google has released an update for Chrome for the desktop with security fixes.

More info.

IBM
High
Patch

Certain versions of Apache Struts 2 Framework are vulnerable to RCE attacks. IBM Connections uses Apache Struts 2.

More info.

Wecon
High
0-day

ZDI reports two 0-day vulnerabilities in Wecon PLC Editor. These vulnerabilities allow remote attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit.

More info. And here.

HPE
Guarded
+24hr

Security vulnerabilities in HPE Intelligent Management Center (iMC) Wireless Services Manager Software could be remotely exploited to allow remote code execution.

More info.

Apple
Guarded
+24hr

A weakness exists in Apple's web rendering engine WebKit, which is used by all apps and web browsers running on Apple's operating systems. A proof-of-concept (PoC) web page that uses only a few lines of specially crafted CSS and HTML causes a full device kernel panic and a complete system reboot.

More info.

Apache
Guarded
+24hr

Apache SpamAssassin 3.4.2 was recently released and fixes several security issues, including a denial of service vulnerability: certain unclosed tags in emails cause markup to be handled incorrectly, leading to scan timeouts.

More info.

Honeywell
Guarded
+24hr

An improper privilege management vulnerability exists in Honeywell mobile computers running the Android Operating System (OS). A vulnerability in a system service on CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series mobile computers could allow a malicious third-party application to gain elevated privileges.

More info.

EMC
Guarded
+24hr

VxRail Security Update for Multiprocessor L1 Terminal Fault Vulnerabilities, and Avamar and NetWorker Security Update for Multiple Components.

More info.

Linux
Guarded
Update

SUSE has updated curl and openssh.

More info.

openSUSE has updated chromium, curl, the kernel, tomcat, zsh, and others. More info.
Debian has updated mbedtls, thunderbird, and others. More info.
Ubuntu has updated curl. More info.
Mageia has updated the kernel. More info.

UPDATE:
Red Hat has updated java. More info.
Ubuntu has updated clamav and php. More info.


Alert Definitions

Product
Guarded

GUARDED This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.

Product
Increased

INCREASED This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.

Product
High

HIGH This alert state indicates a more serious vulnerability which is exploitable.

Product
Critical

CRITICAL This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

Product
Increased
New

NEW This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

Product
Guarded
+24hr

+24hr This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Product
Increased
Patch

PATCH This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported. It could be paired with Increased or High, and on rare occasions Critical.

Product
High
Exploit

EXPLOIT This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.

Product
Critical
0-Day

ZERO DAY This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.


Useful Links

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please email your suggestions to us.

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/
https://gchq.github.io/CyberChef/

Any other comments on our site or the Radar Page are welcome as well!