|
| |
| Unisys ID: |
UIS-2019-3 |
| Status: |
Published |
| CVE-ID: |
CVE-2019-18386 |
| Affected Product: |
MCP-FIRMWARE |
| Affected Version: |
ALL |
| Impact: |
HIGH |
| CVSS v3.1 Base Score: |
8.7 |
| CVSS v3.1 Vector: |
AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
v3 Calculator |
| CVSS v2.0 Base Score: |
|
| CVSS v2.0 Vector: |
Not Supplied
v2 Calculator |
| CVSS Temporal Score: |
8.3 |
| Common Weakness Enumeration (CWE):  |
|
| Common Platform Enumeration (CPE):  |
|
| Source: |
Internal Reported |
| Keyword(s): |
SYSMGMT |
| Vulnerability Description: |
| Systems Management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel. |
| System Configuration: |
| MCP-FIRMWARE running on ClearPath Forward Libra or ClearPath MCP Software Series systems. |
| Impact of Exploiting Vulnerability: |
| Random vectors including system unavailability. |
| Remediation Description: |
| Upgrade to latest levels. |
| Workaround Information: |
| On ClearPath MCP Software Series, disable Remote management during installation or rolling back Remote Management hardening settings post installation. |
| References: |
| PLE 19268101 (ClearPath Forward Libra), PLE 19268497 (ClearPath MCP Software Series) |
| Additional Vendor Comment: |
|