Denial of Service Vulnerability in Unisys Libra Systems
CVE-2015-4049

6.8MEDIUM

Key Information:

Vendor: Unisys
Status: Mcp-firmware
Vendor: CVE Published:; 3 February 2017

What is CVE-2015-4049?

A vulnerability affecting Unisys Libra 43xx, 63xx, and 83xx, along with FS600 class systems, is found in MCP-FIRMWARE versions prior to 40.0IC4 Build 270. This vulnerability may allow remote authenticated users to exploit program operators in EPSILON (level 5) based codefiles during peak memory usage. The exploitation can lead to CPM stack corruption, resulting in data corruption or system crashes, thereby causing a denial of service.

References

http://public.support.unisys.com/common/public/vulnerabil...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2017
Vulnerability Reserved
May 20, 2015

CVE-2015-4049 Data

JSON