|
| |
| Unisys ID: |
UIS-2018-2 |
| Status: |
Published |
| CVE-ID: |
CVE-2018-5762 |
| Affected Product: |
MCP TCP/IP Networking |
| Affected Version: |
58.1, 59.1, 60.0 |
| Impact: |
MEDIUM |
| CVSS v3.1 Base Score: |
5.9 |
| CVSS v3.1 Vector: |
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
v3 Calculator |
| CVSS v2.0 Base Score: |
|
| CVSS v2.0 Vector: |
Not Supplied
v2 Calculator |
| CVSS Temporal Score: |
5.5 |
| Common Weakness Enumeration (CWE):  |
|
| Common Platform Enumeration (CPE):  |
|
| Source: |
External Reported |
| Keyword(s): |
ROBOT |
| Vulnerability Description: |
| MCP TLS implementation (in TCP/IP networking) is susceptible to the ROBOT attack. |
| System Configuration: |
| MCP environment with TLS running with at least one service enabled to use TLS. |
| Impact of Exploiting Vulnerability: |
| Same as standard ROBOT vulnerability - brute force / blind oracle attack that an attacker can passively record traffic and later decrypt it using the different answers given back to specially crafted messages of the TLS handshake. |
| Remediation Description: |
| Upgrade to version 58.160, 059.1a.17 (IC #17) or 60.044 of MCP TCP/IP networking. |
| Workaround Information: |
| None. |
| References: |
| PLE 19219623 |
| Additional Vendor Comment: |
|