PT-2017-16724 · Unisys · Tcp-Ip-Sw+1
Published
2017-03-10
·
Updated
2017-03-16
·
CVE-2017-5872
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Unisys ClearPath MCP systems with TCP-IP-SW versions 57.1 through 57.151
Unisys ClearPath MCP systems with TCP-IP-SW versions 58.1 through 58.141
Unisys ClearPath MCP systems with TCP-IP-SW versions 59.1 through 59.171
Description
The issue allows remote attackers to cause a denial of service, disrupting network connectivity, by sending a client hello with a
signature algorithms extension that includes values above those defined in RFC 5246, triggering a full memory dump when a TLS 1.2 service is running.Recommendations
For Unisys ClearPath MCP systems with TCP-IP-SW versions 57.1 through 57.151, update to version 57.152 or later.
For Unisys ClearPath MCP systems with TCP-IP-SW versions 58.1 through 58.141, update to version 58.142 or later.
For Unisys ClearPath MCP systems with TCP-IP-SW versions 59.1 through 59.171, update to version 59.172 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tcp-Ip-Sw
Unisys Clearpath Mcp