|
| |
| Unisys ID: |
UIS-2017-4 |
| Status: |
Published |
| CVE-ID: |
CVE-2017-13684 |
| Affected Product: |
Libra 6400, 8400, FS601 |
| Affected Version: |
43.185 |
| Impact: |
HIGH |
| CVSS v3.1 Base Score: |
7.8 |
| CVSS v3.1 Vector: |
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C/CR:X/IR:L/AR:L/MAV:L/MAC:H/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H
v3 Calculator |
| CVSS v2.0 Base Score: |
|
| CVSS v2.0 Vector: |
Not Supplied
v2 Calculator |
| CVSS Temporal Score: |
6.8 |
| Common Weakness Enumeration (CWE):  |
|
| Common Platform Enumeration (CPE):  |
|
| Source: |
Client Reported |
| Keyword(s): |
SPLIT LITERAL |
| Vulnerability Description: |
| CPM stack corruption on Libra 64xx/84xx and FS601 can occur using crafted code sequences which cause invalid stack frames. |
| System Configuration: |
| MCP FIRMWARE version 43.185 which only runs on the Libra 6400/8400 or FS601 class system. |
| Impact of Exploiting Vulnerability: |
| Impacts range from program termination through an INVALID INDEX or INVALID ARGUMENT as an operator encounters an invalid stack state to other possible behaviors. |
| Remediation Description: |
| Update to MCP-FIRMWARE version 43.211. |
| Workaround Information: |
| No procedural workaround information is available. |
| References: |
| PLE 19202381 |
| Additional Vendor Comment: |
|