Alert Details


Computer Network Defence Alert State


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state then drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.


Current Alerts

Apache
Increased
Patch

Two vulnerabilities were reported in Apache Tomcat Native. In the first, a remote user with a revoked client certificate and using mutual TLS may be able to authenticate using the revoked certificate. In the second, the same is possible on systems that use pre-produced responses from an OCSP responder.

More info.

ICS
High
Patch

Uncontrolled search path element, relative path traversal, improper privilege management, and stack-based buffer overflow vulnerabilities exist in Emerson's Delta V workstations. Successful exploitation of these vulnerabilities could allow arbitrary code execution, malware injection, or malware to spread to other workstations.

More info.

Path traversal and improper authentication vulnerabilities exist in Tridium's Niagara systems. Successful exploitation of these vulnerabilities could crash the device being accessed; a buffer overflow condition may allow remote code execution.
More info.

The WAGO 750-8xx controllers are susceptible to a denial-of-service attack due to a flood of network packets.
More info.

Yokogawa
Increased
Patch

Vulnerabilities in the debug functions of Vnet/IP network switches have been found.

More info.

A buffer overflow vulnerability has been found in the license management function of YOKOGAWA products.
More info.

Medical
Increased
New

Improper input validation and use of hard-coded credentials vulnerabilities exist in Philips' PageWriter Cardiographs. Successful exploitation of these vulnerabilities could allow buffer overflows, or allow an attacker to access and modify settings on the device.

More info.

EMC
Increased
Patch

Dell EMC Enterprise Hybrid Cloud Security Update for embedded Data Protection Advisor, RSA NetWitness Platform Server-Side Template Injection Vulnerability, RSA Archer SQL Injection Vulnerability within embedded WorkPoint component, Dell EMC Integrated Data Protection Appliance Security Update for Dell EMC iDRAC Vulnerabilities, and Dell EMC Data Domain DD3300 Security Update for Dell EMC iDRAC Vulnerabilities.

More info. (login required)

Linux
High
Patch

SUSE has updated xen, mutt, python, and others.

More info.

OpenSUSE has updated samba, apache, php, clamav, and the kernel.  More info.
Debian has updated xen and intel-microcode.  More info.
Ubuntu has updated postgresql and webkit.  More info.

Cisco
Guarded
+24hr

Cisco has published 10 new bulletins and 3 updated bulletins. 

More info.

A vulnerability in the web interface of the Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques.
More info.

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system.
More info.

A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM and Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition.
More info.

A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
More info.

A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system.
More info.

McAfee
Guarded
+24hr

McAfee has updated ePolicy Orchestrator to address two difficult-to-exploit vulnerabilities that allow an unauthenticated attacker with network access via multiple protocols to compromise Java SE.

More info.

NetApp
Guarded
+24hr

NetApp has published bulletins about their investigations into third party software in their products, including versions of Linux (SegmentSmack), FreeBSD, Samba, and the L1TF CPU issue.

More info.

HPE
Guarded
+24hr

A potential security vulnerability has been identified in HPE Integrated Lights Out 4 and 5 (iLO 4,5). The vulnerability could be exploited remotely to allow denial of service.

More info.

Oracle
Guarded
+48hr

Oracle is advising customers to update their database software following the discovery and disclosure of a critical remote code execution vulnerability. The flaw was given a CVSS base score of 9.9 (out of 10) and Oracle warns that successful exploit of the bug "can result in complete compromise of the Oracle Database and shell access to the underlying server."

More info.

Microsoft
Guarded
+48hr

Microsoft's monthly patches are out. Critical updates have been released for ChakraCore, Exchange Server, SQL Server, Windows Server, Windows 7, Windows 8.1, Windows RT, Windows 10, Microsoft Edge, and Internet Explorer. Important and Moderate updates were released for .NET Framework, Excel, Office, Outlook, PowerPoint, SharePoint Server, Visual Studio, Word Automation Services, Exchange Server, and Internet Explorer. Mitigations were provided for Lazy FP State Restore as well.

More info.

UPDATE:
Two of the patched vulnerabilities are publicly disclosed, one widely exploited.  More info.

Nice visual summary of Patch Tuesday by Morphus Labs.  More info.

UPDATE 2:
A vulnerability in Microsoft’s Active Directory Federation Services (ADFS) has been uncovered that would allow malicious actors to bypass multi-factor authentication (MFA) safeguards.  Patch expected next week.  More info.


Alert Definitions

Product
Guarded

GUARDED This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.

Product
Increased

INCREASED This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.

Product
High

HIGH This alert state indicates a more serious vulnerability which is exploitable.

Product
Critical

CRITICAL This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

Product
Increased
New

NEW This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

Product
Guarded
+24hr

+24hr This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Product
Increased
Patch

PATCH This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.

Product
High
Exploit

EXPLOIT This bottom descriptor indicates that an Exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported.  It could be paired with High or Critical.

Product
Critical
0-Day

ZERO DAY This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  It could be paired with High or Critical.
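The decay rule given in the introduction (an immediate rise on detection of a new threat, then one level down at around 1900 UTC on each working day) together with the level and descriptor definitions above amount to a small state model, and it is easy to get the weekend handling wrong when reading the radar by hand. The Python below is an added example written for this page, not code from Computer Network Defence. The Alert class, the constructed sample alerts and dates, the choice to drop an entry from the board once it decays below Guarded, and the precedence of 0-Day over Exploit over Patch when more than one descriptor applies are assumptions of the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Alert levels in ascending order, as given in the Alert Definitions above.
# Assumption (not stated on the page): an entry that decays below Guarded has
# returned to normal and is dropped from the radar, modelled here as None.
LEVELS = ["Guarded", "Increased", "High", "Critical"]

# Reductions occur at approximately 1900 GMT/UTC on working days.
REDUCTION_HOUR_UTC = 19


def reduction_points(start, end):
    """Count the working-day 1900 UTC reduction points in the interval (start, end].

    Both datetimes must be timezone-aware UTC. Saturday and Sunday are skipped,
    which is what makes an alert raised on a Friday linger over the weekend.
    """
    count = 0
    candidate = start.replace(hour=REDUCTION_HOUR_UTC, minute=0, second=0, microsecond=0)
    if candidate <= start:
        candidate += timedelta(days=1)
    while candidate <= end:
        if candidate.weekday() < 5:  # Monday (0) to Friday (4) are working days
            count += 1
        candidate += timedelta(days=1)
    return count


@dataclass
class Alert:
    product: str
    initial_level: str      # level assigned when the threat was detected
    detected_at: datetime   # UTC time at which the alert was raised
    patched: bool = False
    exploit_public: bool = False
    zero_day: bool = False


def current_level(alert, now):
    """Level after dropping one step per reduction point since detection, or None if cleared."""
    index = LEVELS.index(alert.initial_level) - reduction_points(alert.detected_at, now)
    return LEVELS[index] if index >= 0 else None


def descriptor(alert, now):
    """Bottom descriptor following the definitions above.

    Assumption: 0-Day takes precedence over Exploit, which takes precedence over
    Patch; the age-based descriptors (New, +24hr, +48hr) apply otherwise.
    """
    if current_level(alert, now) is None:
        return None
    if alert.zero_day:
        return "0-Day"
    if alert.exploit_public:
        return "Exploit"
    if alert.patched:
        return "Patch"
    age = now - alert.detected_at
    if age < timedelta(hours=24):
        return "New"
    if age >= timedelta(hours=48) and alert.initial_level == "Critical":
        return "+48hr"
    return "+24hr"


def radar(alerts, now):
    """Snapshot of the board: product -> (level, descriptor) for alerts still shown."""
    board = {}
    for alert in alerts:
        level = current_level(alert, now)
        if level is not None:
            board[alert.product] = (level, descriptor(alert, now))
    return board


# Constructed sample alerts (not taken from the page), raised in August 2018.
SAMPLE_ALERTS = [
    Alert("Linux", "High", datetime(2018, 8, 16, 10, 0, tzinfo=timezone.utc), patched=True),
    Alert("Medical", "Increased", datetime(2018, 8, 17, 9, 0, tzinfo=timezone.utc)),
    Alert("Oracle", "Critical", datetime(2018, 8, 17, 10, 0, tzinfo=timezone.utc)),
    Alert("Apache", "Increased", datetime(2018, 8, 20, 11, 0, tzinfo=timezone.utc)),
    Alert("Cisco", "Guarded", datetime(2018, 8, 15, 12, 0, tzinfo=timezone.utc)),
]

# Monday 20 August 2018, shortly before that day's 1900 UTC reduction.
SAMPLE_NOW = datetime(2018, 8, 20, 18, 0, tzinfo=timezone.utc)


def sample_board():
    """The radar as it would look at SAMPLE_NOW for the constructed alerts."""
    return radar(SAMPLE_ALERTS, SAMPLE_NOW)


if __name__ == "__main__":
    for product, (level, tag) in sample_board().items():
        print(f"{product}: {level} / {tag}")
```

Running the block prints the Monday-evening board: the Friday alerts have lost only one level because Saturday and Sunday carry no reduction point, the Critical item from Friday is still High and carries +48hr, the Wednesday Guarded entry has decayed off the board, and the alert raised that Monday morning is still marked New. A patched item keeps its Patch descriptor while it decays, matching the definitions above.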


Useful Links


These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send it to us by email.


http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/
https://gchq.github.io/CyberChef/


Any other comments on our site or the Radar Page are welcome as well!