CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:C/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
20.3%
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading “bad parameter” lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
Vendor | Product | Version | CPE |
---|---|---|---|
blackberry | qnx_neutrino_rtos | 6.4.1 | cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:* |
blackberry | qnx_neutrino_rtos | 6.5.0 | cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:* |
blackberry | qnx_neutrino_rtos | 6.5.0 | cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:sp1:*:*:*:*:*:* |