PT-2019-18715 · Interpeak+1 · Interpeak Ipcomshell+1

Ali Abbasi

Publicado

2019-03-26

Atualizado

2023-09-20

CVE-2019-7711

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Green Hills INTEGRITY RTOS version 5.0.4

Description An issue was discovered in the Interpeak IPCOMShell TELNET server. The undocumented shell command "prompt" sets the shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.

Recommendations For Green Hills INTEGRITY RTOS version 5.0.4, consider disabling the use of the prompt command in the Interpeak IPCOMShell TELNET server as a temporary workaround until a patch is available. Restrict access to the TELNET server to minimize the risk of exploitation.

Correção

Use of Externally-Controlled Format String

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-134

Identificadores relacionados

CVE-2019-7711

Produtos afetados

Green Hills Integrity Rtos

Interpeak Ipcomshell

PT-2019-18715 · Interpeak+1 · Interpeak Ipcomshell+1

CVE-2019-7711

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5