Product Support

Vulnerability Report - Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel

 
Unisys ID: UIS-2019-3
Status: Published
CVE-ID: CVE-2019-18386
Affected Product: MCP-FIRMWARE
Affected Version: ALL
Impact: HIGH
CVSS v3.1 Base Score: 8.7
CVSS v3.1 Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H  v3 Calculator
CVSS v2.0 Base Score:
CVSS v2.0 Vector: Not Supplied  v2 Calculator
CVSS Temporal Score: 8.3
Common Weakness Enumeration (CWE): 
Common Platform Enumeration (CPE): 
Source: Internal Reported
Keyword(s): SYSMGMT
Vulnerability Description:
Systems Management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel.
System Configuration:
MCP-FIRMWARE running on ClearPath Forward Libra or ClearPath MCP Software Series systems.
Impact of Exploiting Vulnerability:
Random vectors including system unavailability.
Remediation Description:
Upgrade to latest levels.
Workaround Information:
On ClearPath MCP Software Series, disable Remote management during installation or rolling back Remote Management hardening settings post installation.
References:
PLE 19268101 (ClearPath Forward Libra), PLE 19268497 (ClearPath MCP Software Series)
Additional Vendor Comment:
 
 
 

Disclaimer:

Unisys Corporation provides the information in this Security Vulnerability Report “AS IS.” No warranties of any nature are extended by or for the information. Unisys disclaims any financial or other responsibility that may result from your use of the information, including direct, indirect, special, or consequential damages.


Paper copies are not controlled and may be out of date; reference the Product Support Web site for current data.