
Vulnerability Report - Improper program execution from incorrect literal handling on Libra 6400/8400.

 
Unisys ID: UIS-2017-4
Status: Published
CVE-ID: CVE-2017-13684
Affected Product: Libra 6400, 8400, FS601
Affected Version: 43.185
Impact: HIGH
CVSS v3.1 Base Score: 7.8
CVSS v3.1 Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C/CR:X/IR:L/AR:L/MAV:L/MAC:H/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H
CVSS v2.0 Base Score:
CVSS v2.0 Vector: Not Supplied
CVSS Temporal Score: 6.8
Common Weakness Enumeration (CWE): 
Common Platform Enumeration (CPE): 
Source: Client Reported
Keyword(s): SPLIT LITERAL
Vulnerability Description:
CPM stack corruption on Libra 64xx/84xx and FS601 can occur using crafted code sequences which cause invalid stack frames.
System Configuration:
MCP FIRMWARE version 43.185 which only runs on the Libra 6400/8400 or FS601 class system.
Impact of Exploiting Vulnerability:
Impacts range from program termination with an INVALID INDEX or INVALID ARGUMENT, as an operator encounters an invalid stack state, to other possible behaviors.
Remediation Description:
Update to MCP-FIRMWARE version 43.211.
Workaround Information:
No procedural workaround information is available.
References:
PLE 19202381
Additional Vendor Comment:
 
 
 

Disclaimer:

Unisys Corporation provides the information in this Security Vulnerability Report “AS IS.” No warranties of any nature are extended by or for the information. Unisys disclaims any financial or other responsibility that may result from your use of the information, including direct, indirect, special, or consequential damages.


Paper copies are not controlled and may be out of date; reference the Product Support Web site for current data.