CVE-2019-7712

HIGH

Green Hills INTEGRITY RTOS 5.0.4 - Info Disclosure

Title source: llm

Description

An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path containing format string modifiers to get a custom format string evaluated. This results in an information leak of memory addresses.

References (2)

[Third Party Advisory] https://github.com/bl4ckic3/GHS-Bugs

[Vendor Advisory] https://www.ghs.com/products/rtos/integrity.html

Scores

CVSS v3 7.5

EPSS 0.0032

EPSS Percentile 55.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-134

Status published

Products (1)

ghs/integrity_rtos 5.0.4

Published Mar 26, 2019

Tracked Since Feb 18, 2026