Lucene search

[email protected]CVE-2017-5671

HistoryMar 29, 2017 - 2:59 p.m.

CVE-2017-5671

2017-03-2914:59:00

CWE-269

[email protected]

web.nvd.nist.gov

cve-2017-5671

honeywell intermec

industrial printers

local privilege escalation

lua

/usr/bin/lua

itadmin account

busybox jailbreak

root privileges

/etc/shadow file

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.9%

JSON

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.

Affected configurations

NVD

Node

honeywellintermec_pc23Match-

honeywellintermec_pc42Match-

honeywellintermec_pc43Match-

honeywellintermec_pd43Match-

honeywellintermec_pm23Match-

honeywellintermec_pm42Match-

honeywellintermec_pm43Match-

AND

honeywellintermec_pc23_firmwareRange≤10.10.011406

honeywellintermec_pc42_firmwareRange≤10.10.011406

honeywellintermec_pc43_firmwareRange≤10.10.011406

honeywellintermec_pd43_firmwareRange≤10.10.011406

honeywellintermec_pm23_firmwareRange≤10.10.011406

honeywellintermec_pm42_firmwareRange≤10.10.011406

honeywellintermec_pm43_firmwareRange≤10.10.011406

CPENameOperatorVersion
honeywell:intermec_pc23_firmwarehoneywell intermec pc23 firmwarele10.10.011406
honeywell:intermec_pc42_firmwarehoneywell intermec pc42 firmwarele10.10.011406
honeywell:intermec_pc43_firmwarehoneywell intermec pc43 firmwarele10.10.011406
honeywell:intermec_pd43_firmwarehoneywell intermec pd43 firmwarele10.10.011406
honeywell:intermec_pm23_firmwarehoneywell intermec pm23 firmwarele10.10.011406
honeywell:intermec_pm42_firmwarehoneywell intermec pm42 firmwarele10.10.011406
honeywell:intermec_pm43_firmwarehoneywell intermec pm43 firmwarele10.10.011406

CPE	Name	Operator	Version
honeywell:intermec_pc23_firmware	honeywell intermec pc23 firmware	le	10.10.011406
honeywell:intermec_pc42_firmware	honeywell intermec pc42 firmware	le	10.10.011406
honeywell:intermec_pc43_firmware	honeywell intermec pc43 firmware	le	10.10.011406
honeywell:intermec_pd43_firmware	honeywell intermec pd43 firmware	le	10.10.011406
honeywell:intermec_pm23_firmware	honeywell intermec pm23 firmware	le	10.10.011406
honeywell:intermec_pm42_firmware	honeywell intermec pm42 firmware	le	10.10.011406
honeywell:intermec_pm43_firmware	honeywell intermec pm43 firmware	le	10.10.011406

References

apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf

www.securityfocus.com/bid/97236

akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/

github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf

www.exploit-db.com/exploits/41754/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for CVE-2017-5671

packetstorm1 exploitpack1 nvd1 zdt1 prion1 cvelist1 exploitdb1