PT-2019-18715 · Interpeak+1 · Interpeak Ipcomshell+1
Ali Abbasi
+1
·
Published
2019-03-26
·
Updated
2023-09-20
·
CVE-2019-7711
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Green Hills INTEGRITY RTOS version 5.0.4
Description
An issue was discovered in the Interpeak IPCOMShell TELNET server. The undocumented shell command "prompt" sets the shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses.
Recommendations
For Green Hills INTEGRITY RTOS version 5.0.4, consider disabling the use of the
prompt command in the Interpeak IPCOMShell TELNET server as a temporary workaround until a patch is available. Restrict access to the TELNET server to minimize the risk of exploitation.Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Green Hills Integrity Rtos
Interpeak Ipcomshell