CVE-2017-5671

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
honeywellintermec_pc23_firmware
𝑥
≤ 10.10.011406
honeywellintermec_pc42_firmware
𝑥
≤ 10.10.011406
honeywellintermec_pc43_firmware
𝑥
≤ 10.10.011406
honeywellintermec_pd43_firmware
𝑥
≤ 10.10.011406
honeywellintermec_pm23_firmware
𝑥
≤ 10.10.011406
honeywellintermec_pm42_firmware
𝑥
≤ 10.10.011406
honeywellintermec_pm43_firmware
𝑥
≤ 10.10.011406
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf
http://www.securityfocus.com/bid/97236
https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/
https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf
https://www.exploit-db.com/exploits/41754/
http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf
http://www.securityfocus.com/bid/97236
https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/
https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf
https://www.exploit-db.com/exploits/41754/