|
| |
| Unisys ID: |
UIS-2021-7 |
| Status: |
Published |
| CVE-ID: |
CVE-2021-45445 |
| Affected Product: |
MCP TCP/IP |
| Affected Version: |
59.1, 60.0, 62.0 |
| Impact: |
HIGH |
| CVSS v3.1 Base Score: |
7.5 |
| CVSS v3.1 Vector: |
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v3 Calculator |
| CVSS v2.0 Base Score: |
7.8 |
| CVSS v2.0 Vector: |
AV:N/AC:L/Au:N/C:N/I:N/A:C
v2 Calculator |
| Common Weakness Enumeration (CWE):  |
CWE-835 |
| Common Platform Enumeration (CPE):  |
cpe:2.3:o:clearpath_mcp:tcpip |
| Source: |
Client Reported |
| Keyword(s): |
TCP/IP |
| Vulnerability Description: |
| A crafted, malformed TCP packet can cause the networking NP worker stack to go into an infinite loop, causing 100% CPM utilization. |
| System Configuration: |
| Normal networking configuration. |
| Impact of Exploiting Vulnerability: |
| The networking input stack (for example, TCPIP/ACADIA/NP/N, where N is the network processor number) becomes stalled in an infinite loop. The stack name is TCPIP/ACADIA/NP/N in newer/v3 platforms, and TCPIP/~/DYNSRV/N in older/v2 platforms. |
| Remediation Description: |
| Upgrade to version TCP-IP-SW-059.1A.55, TCP-IP-SW-060.0a.26, or TCP-IP-SW-062.0a.3. |
| Workaround Information: |
| None available. |
| References: |
| PLE 19322912 |
| Additional Vendor Comment: |
|