Lucene search

[email protected]NVD:CVE-2019-7712

HistoryMar 26, 2019 - 1:29 a.m.

CVE-2019-7712

2019-03-2601:29:00

CWE-134

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.1%

JSON

An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.

Affected configurations

Nvd

Node

ghsintegrity_rtosMatch5.0.4

VendorProductVersionCPE
ghsintegrity_rtos5.0.4cpe:2.3:o:ghs:integrity_rtos:5.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ghs	integrity_rtos	5.0.4	cpe:2.3:o:ghs:integrity_rtos:5.0.4:::::::*

References

github.com/bl4ckic3/GHS-Bugs

www.ghs.com/products/rtos/integrity.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

55.1%

JSON

Related for NVD:CVE-2019-7712

cvelist1 prion1 cve1