CVE-2017-5671 : Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial print

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.

Published 2017-03-29 14:59:00

Updated 2019-10-03 00:03:26

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-5671

Honeywell » Intermec Pm23 Firmware
Versions up to, including, (<=) 10.10.011406
cpe:2.3:o:honeywell:intermec_pm23_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Honeywell » Intermec Pc23 » Version: N/A
When used together with: Honeywell » Intermec Pc42 » Version: N/A
When used together with: Honeywell » Intermec Pc43 » Version: N/A
When used together with: Honeywell » Intermec Pd43 » Version: N/A
When used together with: Honeywell » Intermec Pm23 » Version: N/A
When used together with: Honeywell » Intermec Pm42 » Version: N/A
When used together with: Honeywell » Intermec Pm43 » Version: N/A
Honeywell » Intermec Pm42 Firmware
Versions up to, including, (<=) 10.10.011406
cpe:2.3:o:honeywell:intermec_pm42_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Honeywell » Intermec Pc23 » Version: N/A
When used together with: Honeywell » Intermec Pc42 » Version: N/A
When used together with: Honeywell » Intermec Pc43 » Version: N/A
When used together with: Honeywell » Intermec Pd43 » Version: N/A
When used together with: Honeywell » Intermec Pm23 » Version: N/A
When used together with: Honeywell » Intermec Pm42 » Version: N/A
When used together with: Honeywell » Intermec Pm43 » Version: N/A
Honeywell » Intermec Pm43 Firmware
Versions up to, including, (<=) 10.10.011406
cpe:2.3:o:honeywell:intermec_pm43_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Honeywell » Intermec Pc23 » Version: N/A
When used together with: Honeywell » Intermec Pc42 » Version: N/A
When used together with: Honeywell » Intermec Pc43 » Version: N/A
When used together with: Honeywell » Intermec Pd43 » Version: N/A
When used together with: Honeywell » Intermec Pm23 » Version: N/A
When used together with: Honeywell » Intermec Pm42 » Version: N/A
When used together with: Honeywell » Intermec Pm43 » Version: N/A
Honeywell » Intermec Pc23 Firmware
Versions up to, including, (<=) 10.10.011406
cpe:2.3:o:honeywell:intermec_pc23_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Honeywell » Intermec Pc23 » Version: N/A
When used together with: Honeywell » Intermec Pc42 » Version: N/A
When used together with: Honeywell » Intermec Pc43 » Version: N/A
When used together with: Honeywell » Intermec Pd43 » Version: N/A
When used together with: Honeywell » Intermec Pm23 » Version: N/A
When used together with: Honeywell » Intermec Pm42 » Version: N/A
When used together with: Honeywell » Intermec Pm43 » Version: N/A
Honeywell » Intermec Pc43 Firmware
Versions up to, including, (<=) 10.10.011406
cpe:2.3:o:honeywell:intermec_pc43_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Honeywell » Intermec Pc23 » Version: N/A
When used together with: Honeywell » Intermec Pc42 » Version: N/A
When used together with: Honeywell » Intermec Pc43 » Version: N/A
When used together with: Honeywell » Intermec Pd43 » Version: N/A
When used together with: Honeywell » Intermec Pm23 » Version: N/A
When used together with: Honeywell » Intermec Pm42 » Version: N/A
When used together with: Honeywell » Intermec Pm43 » Version: N/A
Honeywell » Intermec Pd43 Firmware
Versions up to, including, (<=) 10.10.011406
cpe:2.3:o:honeywell:intermec_pd43_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Honeywell » Intermec Pc23 » Version: N/A
When used together with: Honeywell » Intermec Pc42 » Version: N/A
When used together with: Honeywell » Intermec Pc43 » Version: N/A
When used together with: Honeywell » Intermec Pd43 » Version: N/A
When used together with: Honeywell » Intermec Pm23 » Version: N/A
When used together with: Honeywell » Intermec Pm42 » Version: N/A
When used together with: Honeywell » Intermec Pm43 » Version: N/A
Honeywell » Intermec Pc42 Firmware
Versions up to, including, (<=) 10.10.011406
cpe:2.3:o:honeywell:intermec_pc42_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Honeywell » Intermec Pc23 » Version: N/A
When used together with: Honeywell » Intermec Pc42 » Version: N/A
When used together with: Honeywell » Intermec Pc43 » Version: N/A
When used together with: Honeywell » Intermec Pd43 » Version: N/A
When used together with: Honeywell » Intermec Pm23 » Version: N/A
When used together with: Honeywell » Intermec Pm42 » Version: N/A
When used together with: Honeywell » Intermec Pm43 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-5671

EPSS FAQ

0.51%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-5671

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
8.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	2.0	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-5671

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-5671

https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/

Intermec Industrial Printers Local root with Busybox jailbreak – CVE-2017-5671 - Akerva
Exploit;Patch;Third Party Advisory
http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf

Service Unavailable
Release Notes
http://www.securityfocus.com/bid/97236

Honeywell Intermec Industrial Printers CVE-2017-5671 Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf

exploit/CVE-2017-5671-Credits.pdf at master · kmkz/exploit · GitHub
Vendor Advisory
https://www.exploit-db.com/exploits/41754/

Intermec PM43 Industrial Printer - Local Privilege Escalation

Jump to

Vulnerability Details : CVE-2017-5671

Products affected by CVE-2017-5671

Exploit prediction scoring system (EPSS) score for CVE-2017-5671

CVSS scores for CVE-2017-5671

CWE ids for CVE-2017-5671

References for CVE-2017-5671