PT-2017-16724 · Unisys · Tcp-Ip-Sw+1
Publicado
2017-03-10
·
Atualizado
2017-03-16
·
CVE-2017-5872
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Unisys ClearPath MCP systems with TCP-IP-SW versions 57.1 through 57.151
Unisys ClearPath MCP systems with TCP-IP-SW versions 58.1 through 58.141
Unisys ClearPath MCP systems with TCP-IP-SW versions 59.1 through 59.171
Description
The issue allows remote attackers to cause a denial of service, disrupting network connectivity, by sending a client hello with a
signature algorithms extension that includes values above those defined in RFC 5246, triggering a full memory dump when a TLS 1.2 service is running.Recommendations
For Unisys ClearPath MCP systems with TCP-IP-SW versions 57.1 through 57.151, update to version 57.152 or later.
For Unisys ClearPath MCP systems with TCP-IP-SW versions 58.1 through 58.141, update to version 58.142 or later.
For Unisys ClearPath MCP systems with TCP-IP-SW versions 59.1 through 59.171, update to version 59.172 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tcp-Ip-Sw
Unisys Clearpath Mcp