Alert Details


Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters; reducing the alert state quickly therefore increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain at a raised state for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.


Current Alerts

ICS
Increased
Patch

Code injection, command injection, use after free, and type confusion vulnerabilities exist in Omron's CX-Supervisor software.  Successful exploitation of these vulnerabilities could result in a denial-of-service condition, and/or allow an attacker to achieve code execution with privileges within the context of the application.


NetApp
Increased
Patch

Multiple NetApp products incorporate systemd-journald, a system service that collects and stores logging data. Versions of systemd-journald through 240 are susceptible to vulnerabilities that when exploited could lead to the disclosure of sensitive information, addition or modification of data, or DoS.


Linux
High
Patch

SUSE has updated krb5.

OpenSUSE has updated wget, krb5, and others.

Ubuntu has updated irssi.

CA
Guarded
+24hr

CA is alerting customers to potential risks with Service Desk Manager. Multiple vulnerabilities exist that can allow a remote attacker to access sensitive information or possibly gain additional privileges. The first vulnerability allows a malicious actor to access and submit survey information without authentication. The second vulnerability allows for a malicious actor to gain additional privileges.


SCADA
Guarded
+24hr

Eaton has identified a path traversal vulnerability in its Intelligent Power Management (IPM) software.


Oracle
Guarded
+48hr

Oracle Quarterly Patches are out. There are 284 vulnerabilities addressed across the product line, with 189 of them remotely exploitable without authentication. Patches are available for Database Server, Communications Applications, Construction and Engineering, E-Business, Enterprise Manager, Financial Services, Food and Beverage, Fusion Middleware, Health Sciences, Hospitality, Hyperion, Insurance, Java SE, JD Edwards, MySQL, PeopleSoft, Retail, Siebel CRM, Sun, Supply Chain, Support Tools, Utilities, and Virtualization. Have a great day!

Oracle Solaris bulletin is out as well, listing 19 vulnerabilities, 9 of them remotely exploitable without authentication.

Oracle Linux bulletin was published listing 34 vulnerabilities, all of them remotely exploitable without authentication.

Microsoft
Guarded
+48hr

Microsoft has published additional updates for Team Foundation Server.


Microsoft is aware of a tampering vulnerability that exists when .NET Core (PowerShell Core) improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories.

 


Alert Definitions

Product
Guarded

GUARDED This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.

Product
Increased

INCREASED This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.

Product
High

HIGH This alert state indicates a more serious vulnerability which is exploitable.

Product
Critical

CRITICAL This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

Product
Increased
New

NEW This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

Product
Guarded
+24hr

+24hr This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Product
Increased
Patch

PATCH This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.

Product
High
Exploit

EXPLOIT This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.

Product
Critical
0-Day

ZERO DAY This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.

 


 


Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to us by email.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/
https://gchq.github.io/CyberChef/

 

Any other comments on our site or the Radar Page are welcome as well!