Vulnerability Report - MCP TLS susceptible to ROBOT attack

 
Unisys ID: UIS-2018-2
Status: Published
CVE-ID: CVE-2018-5762
Affected Product: MCP TCP/IP Networking
Affected Version: 58.1, 59.1, 60.0
Impact: MEDIUM
CVSS v3.1 Base Score: 5.9
CVSS v3.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0 Base Score:
CVSS v2.0 Vector: Not Supplied
CVSS Temporal Score: 5.5
Common Weakness Enumeration (CWE): 
Common Platform Enumeration (CPE): 
Source: External Reported
Keyword(s): ROBOT
Vulnerability Description:
The MCP TLS implementation (in TCP/IP networking) is susceptible to the ROBOT attack.
System Configuration:
MCP environment with TLS running with at least one service enabled to use TLS.
Impact of Exploiting Vulnerability:
Same as the standard ROBOT vulnerability: a brute-force / blind oracle attack in which an attacker can passively record traffic and later decrypt it by using the different answers given back to specially crafted messages of the TLS handshake.
Remediation Description:
Upgrade to version 58.160, 059.1a.17 (IC #17) or 60.044 of MCP TCP/IP networking.
Workaround Information:
None.
References:
PLE 19219623
Additional Vendor Comment:
 
 
 

Disclaimer:

Unisys Corporation provides the information in this Security Vulnerability Report “AS IS.” No warranties of any nature are extended by or for the information. Unisys disclaims any financial or other responsibility that may result from your use of the information, including direct, indirect, special, or consequential damages.


Paper copies are not controlled and may be out of date; reference the Product Support Web site for current data.