Vulnerability Details : CVE-2019-7715

An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-controlled format string during login, resulting in an information leak of memory addresses.

Vulnerability category: Overflow

Published 2019-03-26 02:29:00

Updated 2019-03-27 14:28:52

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2019-7715

Probability of exploitation activity in the next 30 days: 0.18%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 54 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2019-7715

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2019-7715

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Assigned by: [email protected] (Primary)

References for CVE-2019-7715

https://www.ghs.com/products/rtos/integrity.html

Vendor Advisory

CVEs referencing this url
https://github.com/bl4ckic3/GHS-Bugs

Third Party Advisory

CVEs referencing this url

Products affected by CVE-2019-7715

GHS » Integrity Rtos » Version: 5.0.4
cpe:2.3:o:ghs:integrity_rtos:5.0.4:*:*:*:*:*:*:*
Matching versions