Alert Details

Computer Network Defence Alert State

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state is raised immediately upon detection of a new threat and then drops by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.


Current Alerts

Microsoft (zero-day alert, level 2)

A vulnerability was reported in Microsoft IE and Edge. A remote user can cause arbitrary code to be executed on the target user's system.

More info.

Network

NetApp OnCommand Insight was updated for vulnerabilities across five different bulletins.
More info.

D-Link has updated their enterprise switches to correct a flaw that would allow a remote attacker to exploit authentication bypass vulnerabilities and execute remote and local commands on the D-Link enterprise switch.
More info.

Linux

RedHat has updated the kernel. More info.
CentOS updated the kernel for CentOS 5. More info.
Oracle Linux updated the kernel. More info.
Debian updated apache and bind. More info.
Mageia updated the kernel, firebird, and other packages. More info.
OpenSUSE published chromium updates. More info.

F5

F5 has published 13 new bulletins and updated several more. Worth taking a look.
More info.

Network (alert state falling, level 2)

Cloudflare Reverse Proxies were Dumping Uninitialized Memory. Big-name websites leaked people's private session keys and personal information into strangers' browsers, due to a Cloudflare bug uncovered by Google researchers. For several months, under certain circumstances, Cloudflare's systems slipped random chunks of server memory into webpages. Naturally, search engines cached that data as it was served out.

Original notice here. More info. Cloudflare statement here.

"Does it use Cloudflare?" site to check.

Linux

A vulnerability was reported in the Linux kernel. A remote user can send a specially crafted TCP packet and cause the target service to enter an infinite loop and consume excessive CPU resources on the target system.

More info.

SCADA

VIPA Controls WinPLC7 contains a Stack Buffer Overflow. Successful exploitation of this vulnerability could cause the software that the attacker is accessing to crash; a buffer overflow condition may allow remote code execution.
More info.

Red Lion Controls Sixnet-Managed Industrial Switches and Automation Direct STRIDE-Managed Ethernet Switches use hard-coded cryptographic keys. Successful exploitation of the hard-coded cryptographic key vulnerabilities could result in loss of data confidentiality, integrity, and availability.
More info.

Schneider Electric Modicon M340 PLC contains a resource exhaustion vulnerability. Successful exploitation of this vulnerability may render the device unresponsive, requiring a physical reset of the PLC.
Schneider bulletin here. More info.

Schneider Electric reports on a conference presentation that demonstrated a specific threat scenario in which an attacker could take advantage of the limited security protection on existing products to potentially reprogram a Modicon M221 with new passwords, locking legitimate users out of the official programming software.
Mitigation recommendations here.

EMC

RSA Certificate Manager 6.9 Security Update for Multiple Embedded Components, EMC Atmos Security Update for SUSE Linux Enterprise Server components, and EMC Isilon OneFS Security Update for HTTPS (Sweet32).
More info.

Microsoft

Google disclosed a Windows vulnerability that could allow someone to collect sensitive information via Internet Explorer and other software.
More info.


Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will pass through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days, but it is now returning to normal. This level is included for viewers who don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or that you are witnessing the reduction in alert state after the product has been at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the vendor having had the opportunity to patch it before the details were made known. These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.


Useful Links

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to us by email.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/