Alert Details


Computer Network Defence Alert State


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state then drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.
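The lifecycle described above (immediate escalation on detection, one-level reduction at 1900 UTC on each working day, significant items held for longer) is small enough to model end to end. The following is an added illustration written for this page, not the site's own code. It assumes that working days are Monday to Friday with no public holidays, that a "significant" vulnerability is represented by a `hold` flag that exempts the alert from decay, and that the product name, timestamps and levels in `example_timeline` are constructed sample data rather than any alert listed on this page.

```python
# Added illustration of the alert-state lifecycle described on this page:
# a detection raises the state at once, a working-day reduction at 19:00 UTC
# lowers it one level, and "significant" items are held. Not the site's code.
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta, timezone

# Alert levels, lowest to highest, as listed in the Alert Definitions section.
LEVELS = ["Guarded", "Increased", "High", "Critical"]
DECAY_TIME_UTC = time(19, 0)   # reductions happen at approximately 1900 UTC


@dataclass
class Alert:
    product: str
    level: int = 0      # index into LEVELS; 0 is Guarded
    hold: bool = False  # significant vulnerability: exempt from decay (assumption)

    @property
    def name(self) -> str:
        return LEVELS[self.level]


def is_working_day(day: date) -> bool:
    return day.weekday() < 5   # Monday..Friday; public holidays are not modelled


def raise_alert(alert: Alert, level_name: str, hold: bool = False) -> Alert:
    """A new threat raises the state immediately; it never lowers it."""
    alert.level = max(alert.level, LEVELS.index(level_name))
    alert.hold = alert.hold or hold
    return alert


def decay_alert(alert: Alert) -> Alert:
    """One working-day reduction: drop one level unless held or already Guarded."""
    if not alert.hold and alert.level > 0:
        alert.level -= 1
    return alert


def simulate(product: str, events, start: date, end: date) -> dict:
    """Replay (timestamp_utc, level_name, hold) events day by day.

    Returns the state at the end of each day, keyed by ISO date string.
    """
    alert = Alert(product)
    timeline = {}
    day = start
    while day <= end:
        decay_at = datetime.combine(day, DECAY_TIME_UTC, tzinfo=timezone.utc)
        # Detections earlier in the day are counted before the evening reduction.
        for when, level_name, hold in events:
            if when.date() == day and when < decay_at:
                raise_alert(alert, level_name, hold)
        if is_working_day(day):
            decay_alert(alert)
        # Detections after 19:00 UTC carry the raised state into the next day.
        for when, level_name, hold in events:
            if when.date() == day and when >= decay_at:
                raise_alert(alert, level_name, hold)
        timeline[day.isoformat()] = alert.name
        day += timedelta(days=1)
    return timeline


def example_timeline(hold_second: bool = False) -> dict:
    """Constructed events for a hypothetical product. The dates are chosen so
    the window spans a weekend; they are not taken from the alerts above."""
    utc = timezone.utc
    events = [
        (datetime(2018, 12, 12, 10, 0, tzinfo=utc), "High", False),        # Wednesday morning
        (datetime(2018, 12, 13, 20, 0, tzinfo=utc), "High", hold_second),  # Thursday, after the reduction
    ]
    return simulate("ExampleProduct", events, date(2018, 12, 12), date(2018, 12, 17))


if __name__ == "__main__":
    for day, state in example_timeline().items():
        print(day, state)
```

Running the module prints the state at the end of each day: the Wednesday detection is already reduced to Increased by that evening, the Thursday evening detection survives Friday's reduction as Increased, stays there over the weekend because no reduction runs on non-working days, and only returns to Guarded on Monday. Calling `example_timeline(hold_second=True)` shows the held case, where the state remains High throughout.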


Current Alerts

Chrome
High
Patch

Google has released Chrome with additional fixes for a previously addressed vulnerability.

More info.

phpMyAdmin
High
Patch

phpMyAdmin released an updated version 4.8.4 of its software to patch several important vulnerabilities that could eventually allow remote attackers to take control of the affected web servers.

More info.  And here.

EMC
Increased
Patch

Unisphere for VMAX, Dell EMC Unisphere for VMAX Virtual Appliance, Dell EMC VASA Virtual Appliance, Dell EMC Solutions Enabler Virtual Appliance and Dell EMC VMAX Embedded Management update for multiple vulnerabilities in Oracle JRE and PostgreSQL

More info.

F5
Increased
Patch

BIG-IP, BIG-IQ, F5 iWorkflow, and Enterprise Manager contain SNMPv3 passwords in clear text in the configuration files. This vulnerability may allow an attacker to use the clear text passphrases to compromise the SNMP monitoring devices.  Only one version has patches so far.

More info.

Microsoft
Increased
+24hr

Microsoft Monthly patches are out.  39 vulnerabilities, 10 Critical, 1 publicly disclosed and 1 exploited (EoP in the kernel).  Patches for Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, Microsoft Dynamics NAV, Microsoft Exchange Server, Microsoft Visual Studio, and Windows Azure Pack (WAP).

More info.  And here.

Adobe
Increased
+24hr

Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.

More info.

SAP
Increased
+24hr

SAP Monthly Patches are out.  Fourteen patches, 2 rated "Hot News", 3 rated High.  Three are updates to previous bulletins.

More info.

Mozilla
Guarded
Update

Mozilla has published updates for critical vulnerabilities in Firefox and Firefox ESR.

More info.  And here.

Ubuntu has updated.  More info.

UPDATE:
Arch Linux has updated firefox.  More info.
Debian has updated firefox.  More info.

Siemens
Guarded
+24hr

Heap-based buffer overflow, integer overflow or wraparound, protection mechanism failure, permissions/privileges/access control, stack-based buffer overflow, and uncaught exception vulnerabilities exist in the Siemens SINUMERIK Controllers software. Successful exploitation of these vulnerabilities could cause denial-of-service conditions, privilege escalation, or allow remote code execution.

More info.

Siemens produced a patch for a previously reported vulnerability in RUGGEDCOM WiMAX, RFID 181-EIP, and SIMATIC RF18.
More info.

The latest update for TIM 1531 IRC fixes a vulnerability. The device was missing proper authentication for connections on port 102/tcp, even though authentication was configured.
More info.

McAfee
Guarded
+24hr

McAfee Agent handles TCP requests on a configured port. A specially crafted TCP packet allows an attacker to cause memory corruption, stability issues, or both, in one of the McAfee Agent components.

More info.

PaloAlto
Guarded
+24hr

A remote code execution vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). Successful exploitation of this issue may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.

More info.

NetBSD
Guarded
+24hr

Under certain circumstances bozohttpd can be tricked into revealing the contents of certain special files. These special files are configuration files for bozohttpd and include the standard .htpasswd file for HTTP Basic Authorisation, which contains both a list of user names and their encrypted passwords.

More info.

Linux
Guarded
Update

SUSE has updated openssl, python-crypto, java, and many more.

More info.

OpenSUSE has updated pdns.  More info.
Linux Oracle has updated the kernel.  More info.
Debian has updated php. More info.

UPDATE:
OpenSUSE has updated openssl.  More info.
Arch Linux has updated firefox.  More info.
RedHat has updated the kernel.  More info.
Debian has updated firefox.  More info.


Alert Definitions

Product
Guarded

GUARDED This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.

Product
Increased

INCREASED This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.

Product
High

HIGH This alert state indicates a more serious vulnerability which is exploitable.

Product
Critical

CRITICAL This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

Product
Increased
New

NEW This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

Product
Guarded
+24hr

+24hr This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Product
Increased
Patch

PATCH This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.

Product
High
Exploit

EXPLOIT This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.

Product
Critical
0-Day

ZERO DAY This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.


Useful Links


These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to us by email.


http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/
https://gchq.github.io/CyberChef/


Any other comments on our site or the Radar Page are welcome as well!