CVE-2019-7711

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
ghsintegrity_rtos
5.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/bl4ckic3/GHS-Bugs
https://www.ghs.com/products/rtos/integrity.html
https://github.com/bl4ckic3/GHS-Bugs
https://www.ghs.com/products/rtos/integrity.html