Alert Details


Computer Network Defence Alert State

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state then drops by one level each working day. The rationale is that vulnerabilities often occur in clusters; reducing the alert state again quickly therefore increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Current Alerts

Symantec
High
Patch

Symantec Network Protection products using affected versions of Apache httpd are susceptible to multiple security vulnerabilities. A remote attacker can obtain sensitive information, bypass intended security restrictions, modify session information in CGI applications, replay authenticated HTTP requests, and cause denial of service.

More info.

Asterisk
High
Patch

There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker’s request causes Asterisk to segfault and crash.

More info.

McAfee
Increased
Patch

McAfee has published an update for Web Gateway that fixes two vulnerabilities that could result in improper certificate validation or DoS.

More info.

NetApp
High
Patch

All StorageGRID Webscale versions are susceptible to a vulnerability which could permit an unauthenticated attacker to communicate with systems on the same network as the StorageGRID Webscale Admin Node via HTTP or to take over services on the Admin Node.  This has been publicly disclosed.

More info.

Intel
Guarded
+24hr

Intel has published eight new bulletins, covering RAID Web Console, Ready Mode Technology, Driver and Support Assistant, Trace Analyzer, and others.

More info.

Multiple potential security vulnerabilities in the Cisco Compatible eXtensions (CCX) component of Intel® PROSet/Wireless WiFi Software may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing PROSet/Wireless WiFi Software updates to mitigate these potential vulnerabilities.

More info.

Hitachi
Guarded
+24hr

Hitachi has updated JP1/Veritas for Apache Struts vulnerabilities in OpsCenter.

More info.

Linux
Guarded
Update

SUSE has updated firefox and apache-pdfbox.

More info.

OpenSUSE has updated icecast.  More info.
RedHat has updated the kernel and others.  More info.
Ubuntu has updated spamassassin and python.  More info.

UPDATE:
Ubuntu has updated postgresql and the kernel.  More info.
RedHat has updated flash.  More info.

Microsoft
Increased
+24hr

Microsoft Monthly patches are out. A total of 63 vulnerabilities were patched, with twelve marked Critical, two publicly disclosed, and one under active exploitation (CVE-2018-8589). There are patches for Internet Explorer, Edge, Windows, Office and Office Services and Web Apps, ChakraCore, .NET Core, Skype for Business, Azure App Service on Azure Stack, Team Foundation Server, Microsoft Dynamics 365, PowerShell Core, and Microsoft.PowerShell.Archive.

More info.  And here.

Adobe
Increased
+24hr

Adobe Monthly patches are out.  There are patches for Acrobat and Reader, Photoshop CC, and the Flash Player.

More info.

Security updates for Adobe Acrobat and Reader for Windows resolve an important vulnerability which could lead to an inadvertent leak of the user’s hashed NTLM password. Proof-of-concept code is publicly available.

More info.

SAP
Guarded
+48hr

SAP Monthly patches are out. 14 bulletins: one rated Hot News, five rated High, the rest Medium. Two are updates to previously released bulletins. Bulletins include Security vulnerability in Spring Framework library used by SAP HANA Streaming Analytics, Security vulnerabilities in SAP Fiori Client, Zip Slip in SAP Disclosure Management, DoS in Web Intelligence Richclient 3 Tiers Mode, Remote Code Execution on TREX/BWA, and DoS in SAP Mobile Secure Android Application.

More info.

Alert Definitions

Product
Guarded

GUARDED This alert state represents the return towards normalisation of an alert state, indicating that there was a higher alert state due to a product vulnerability during the previous few days.

Product
Increased

INCREASED This alert state indicates that a product vulnerability has been identified within the last few days. The vulnerability is either difficult to exploit, or if exploited, results in reduced impact to the target system.

Product
High

HIGH This alert state indicates a more serious vulnerability which is exploitable.

Product
Critical

CRITICAL This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

Product
Increased
New

NEW This bottom descriptor is used with a vulnerability which has been identified in the last 24 hours, with no patch or exploit. It will typically be paired with Increased.

Product
Guarded
+24hr

+24hr This bottom descriptor indicates an alert state which has been present for more than 24 hours. It will typically be paired with Guarded, and could be changed to +48hr for an item that came out as Critical.

Product
Increased
Patch

PATCH This bottom descriptor indicates that patches are available for vulnerabilities, whether it is the initial report or a patch of a vulnerability that had been previously reported.  It could be paired with Increased or High, and on rare occasions Critical.

Product
High
Exploit

EXPLOIT This bottom descriptor indicates that an exploit has been made public for a vulnerability, whether it is the initial report or an indication of an exploit for a vulnerability that had been previously reported. It could be paired with High or Critical.

Product
Critical
0-Day

ZERO DAY This bottom descriptor indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known. It could be paired with High or Critical.

Useful Links

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to our contact e-mail address.

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/
https://gchq.github.io/CyberChef/

Any other comments on our site or the Radar Page are welcome as well!