Alert Details


Computer Network Defence Alert State


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.


Current Alerts

Linux

OpenSUSE has updated mbedtls.  A remote user could have used a specially crafted certificate to cause mbedtls to free a buffer allocated, which could have allowed remote code execution on some platforms.

More info.

Several updates in SuSE.  More info.

Trend Micro

Trend Micro has released a hot fix for the Trend Micro Security 2017 family of consumer-focused products. This hot fix resolves a potential security issue that could be triggered when a malicious user tries to inject a DLL into a Trend Micro Security process by taking advantage of Microsoft's Standard Application Verifier Provider DLL, the technique known as "Double Agent".

More info.

Cisco

A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. This one is marked Critical.
More info.

A vulnerability in the DHCP code for the Zero Touch Provisioning feature of Cisco ASR 920 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload.
More info.

A vulnerability in the web user interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
More info.

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing function of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
More info.

A vulnerability in the DHCP client implementation of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
More info.

A vulnerability in the web framework code of the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an unauthenticated, remote attacker to read any file from the CAF in the virtual instance running on the affected device.
More info.

AlienVault

Several vulnerabilities were discovered in the underlying OS packages in AlienVault USM and OSSIM v5.3.6 and earlier. All of the vulnerabilities below have been confirmed and fixed in AlienVault v5.3.7.
More info.

SAP

The details of a client-side SAP vulnerability patched earlier this month have been made public at a security conference. Given that the flaw is client-side and not server-side, we expect that not all users have patched, and we are raising the alert level accordingly.

News reports here and here, original patch day report from SAP here.

HP

Potential security vulnerabilities have been identified in HPE OpenCall Media Platform (OCMP). The vulnerabilities could be remotely exploited to allow remote code execution and/or cross-site scripting (XSS).

More info.

F5

An unauthenticated remote attacker may be able to disrupt services on the BIG-IP system with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive database variable value is set to enabled. The default value for the tm.tcpprogressive database variable is negotiate.

More info.

SCADA

A path traversal vulnerability in the LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA software could allow an unprivileged, malicious attacker to access files remotely.

More info.

Becton, Dickinson and Company (BD) has identified a hard-coded password vulnerability in BD’s Kiestra PerformA and KLA Journal Service applications that access the BD Kiestra Database.
More info.

Network

NetApp OnCommand System Manager versions 8.3.x prior to 9.0 are susceptible to a vulnerability which could enable remote attackers to obtain credentials during cluster peering setup.

More info.

ChromeOS

ChromeOS has an update with undisclosed security fixes.
More info.


Apple

Apple has updated iTunes for Windows and Mac to 12.6 to correct 2 vulnerabilities in SQLite and expat.
More info.


Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts pass through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal. This level is included for viewers who don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or that you are witnessing the reduction in alert state after the product has been at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.


Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to us by e-mail.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/