CVE-2019-7712

Name of the Vulnerable Software and Affected Versions Green Hills INTEGRITY RTOS version 5.0.4

Description An issue in the Interpeak IPCOMShell TELNET server allows an attacker to forge a path containing format string modifiers when using the pwd command. This results in an information leak of memory addresses due to the lack of proper checks on the current working directory path used as an argument to printf().

Recommendations For Green Hills INTEGRITY RTOS version 5.0.4, consider restricting access to the pwd command in the Interpeak IPCOMShell TELNET server until a proper fix is applied to prevent the evaluation of custom format strings. As a temporary workaround, avoid using the pwd command with untrusted input to minimize the risk of information leakage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.