| Unisys ID: | UIS-2017-2 |
| Status: | Published |
| CVE-ID: | CVE-2017-5872 |
| Affected Product: | TCP-IP-SW |
| Affected Version: | 57.1, 58.1, 59.1 |
| Impact: | HIGH |
| CVSS v3.1 Base Score: | 7.5 |
| CVSS v3.1 Vector: | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C |
| CVSS v2.0 Base Score: | |
| CVSS v2.0 Vector: | Not Supplied |
| CVSS Temporal Score: | 7.2 |
| Common Weakness Enumeration (CWE): | |
| Common Platform Enumeration (CPE): | |
| Source: | Client Reported |
| Keyword(s): | CVE-2017-5872 |
| Vulnerability Description: |
| The TCP/IP networking module of ClearPath MCP creates a full memory dump when it receives a TLS v1.2 ClientHello whose signature_algorithms extension contains values above those defined in the RFC 5246 specification. TCP/IP networking remains inoperable until the system is rebooted. |
| System Configuration: |
| ClearPath MCP system running 57.1 Networking (before 57.159) or 58.1 Networking (before 58.157) or 59.1 (before 59.1 IC 12 of TCP-IP-SW) and at least one service offering secured connections via SSL/TLS. |
| Impact of Exploiting Vulnerability: |
| Network communication stops, and the system must be rebooted to restore full network connectivity. |
| Remediation Description: |
| Upgrade to TCP-IP-SW version 57.159, 58.157, or 59.189.8014 (IC 12 of TCP-IP-SW). |
| Workaround Information: |
| Configure the client either to use only the signature_algorithms values specified in RFC 5246 or to set the maximum SSL/TLS version to TLS 1.0 or TLS 1.1 (which do not require the signature_algorithms extension). |
| References: |
| PLE 19177271, PLE 19199801 |
| Additional Vendor Comment: |
|
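
A defender-side check for the condition in the Vulnerability Description, added here as an example and not Unisys code: it walks a ClientHello extensions block and reports signature_algorithms pairs outside the RFC 5246 enumerations, which identifies the clients the workaround applies to. The function names and the sample bytes are constructed for illustration.

```python
import struct

# RFC 5246 section 7.4.1.4.1: HashAlgorithm 0..6, SignatureAlgorithm 0..3.
HASH = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
        4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
EXT_SIGNATURE_ALGORITHMS = 13


def iter_extensions(block):
    """Yield (type, data) from an extensions block (2-byte total length first)."""
    if len(block) < 2:
        raise ValueError("truncated extensions block")
    (total,) = struct.unpack_from("!H", block, 0)
    if total != len(block) - 2:
        raise ValueError("extensions length mismatch")
    pos = 2
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if pos + ext_len > len(block):
            raise ValueError("truncated extension data")
        yield ext_type, block[pos:pos + ext_len]
        pos += ext_len


def undefined_sigalgs(block):
    """Return (hash, signature) byte pairs that RFC 5246 does not define."""
    flagged = []
    for ext_type, data in iter_extensions(block):
        if ext_type != EXT_SIGNATURE_ALGORITHMS:
            continue
        if len(data) < 2:
            raise ValueError("truncated signature_algorithms extension")
        (list_len,) = struct.unpack_from("!H", data, 0)
        if list_len != len(data) - 2 or list_len % 2:
            raise ValueError("malformed signature_algorithms list")
        for i in range(2, len(data), 2):
            h, s = data[i], data[i + 1]
            if h not in HASH or s not in SIG:
                flagged.append((h, s))
    return flagged


# Constructed sample: supported_groups (type 10), then signature_algorithms
# listing 0x0401 (sha256/rsa) and 0x0804, a code point assigned by TLS 1.3.
SAMPLE = bytes.fromhex("0012" "000a000400020017" "000d00060004" "0401" "0804")
```

Run against the extensions of ClientHellos captured at a network tap or TLS-terminating proxy in front of an unpatched system, a non-empty result marks a client that still needs the signature_algorithms or maximum-version workaround.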