CVE-2019-7711

{"id": "CVE-2019-7711", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-03-26T01:29:00.773", "references": [{"url": "https://github.com/bl4ckic3/GHS-Bugs", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ghs.com/products/rtos/integrity.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command \"prompt\" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addresses."}, {"lang": "es", "value": "Se ha encontrado un problema en el servidor Interpeak IPCOMShell TELNET en Green Hills INTEGRITY RTOS 5.0.4. El int\u00e9rprete de comando no documentado shell configura el valor de introducci\u00f3n del comando shell controlado por el usuario, que se usa como introducci\u00f3n de la cadena de formato a printf, lo cual resulta en una fuga de informaci\u00f3n de direcciones de memoria."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ghs:integrity_rtos:5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BF4035E-02BD-499A-AB23-346F1EC3A1AD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}