CVE-2017-5671

moderate-risk
Published 2017-03-29

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.

Do I need to act?

-
0.51% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
41754
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
LOCAL / LOW complexity

Affected Products (7)

Intermec Pd43 Firmware
Intermec Pm42 Firmware
Intermec Pm43 Firmware
Intermec Pc23 Firmware
Intermec Pc42 Firmware
Intermec Pc43 Firmware
Intermec Pm23 Firmware

Affected Vendors

Honeywell

References (10)

Release Notes http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10...
Third Party Advisory http://www.securityfocus.com/bid/97236
Exploit https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jai...
Vendor Advisory https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf
https://www.exploit-db.com/exploits/41754/
Release Notes http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10...
Third Party Advisory http://www.securityfocus.com/bid/97236
Exploit https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jai...
Vendor Advisory https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf
https://www.exploit-db.com/exploits/41754/
43
/ 100
moderate-risk
Severity 27/34 · High
Exploitability 2/34 · Minimal
Exposure 14/34 · Moderate