CVE-2017-5671

Published Mar 29, 2017

Last updated 20 days ago

CVSS high 8.8

Overview

Description: Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 6
Exploitability score: 2
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:honeywell:intermec_pc23_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "122F856E-E8E7-4BFB-AA97-E3C50D811E12",
            "versionEndIncluding": "10.10.011406"
          },
          {
            "criteria": "cpe:2.3:o:honeywell:intermec_pc42_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A2FDF1F-B7BF-492D-8FFB-8D40B805DC17",
            "versionEndIncluding": "10.10.011406"
          },
          {
            "criteria": "cpe:2.3:o:honeywell:intermec_pc43_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60E5DE7C-9B42-4125-A019-02B3B5499DFD",
            "versionEndIncluding": "10.10.011406"
          },
          {
            "criteria": "cpe:2.3:o:honeywell:intermec_pd43_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5018410C-9B51-460B-B237-761C4549E314",
            "versionEndIncluding": "10.10.011406"
          },
          {
            "criteria": "cpe:2.3:o:honeywell:intermec_pm23_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16D913D8-C155-4F08-B341-72A986D7D29D",
            "versionEndIncluding": "10.10.011406"
          },
          {
            "criteria": "cpe:2.3:o:honeywell:intermec_pm42_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF398612-ACC6-4D8E-8DE0-1354FF98F68F",
            "versionEndIncluding": "10.10.011406"
          },
          {
            "criteria": "cpe:2.3:o:honeywell:intermec_pm43_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "278B804E-9E20-40D3-BF11-80FB2CB7DE35",
            "versionEndIncluding": "10.10.011406"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:honeywell:intermec_pc23:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A76805C2-7081-40D3-8400-CF71AD00F897"
          },
          {
            "criteria": "cpe:2.3:h:honeywell:intermec_pc42:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "65750656-5AF7-4E3B-A0CE-EC1B1C784A4E"
          },
          {
            "criteria": "cpe:2.3:h:honeywell:intermec_pc43:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "77BAFBC9-F93C-40FE-94EB-563B75C96942"
          },
          {
            "criteria": "cpe:2.3:h:honeywell:intermec_pd43:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "691EEB28-DA89-4CE8-AB35-50AA05662230"
          },
          {
            "criteria": "cpe:2.3:h:honeywell:intermec_pm23:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "34989BBF-1E3C-4636-90A0-C603DAEE8DE4"
          },
          {
            "criteria": "cpe:2.3:h:honeywell:intermec_pm42:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9C0A4C6C-4858-4856-9599-8A7F980C6E1E"
          },
          {
            "criteria": "cpe:2.3:h:honeywell:intermec_pm43:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AD95F008-3D2C-4E2C-978A-C101441CBE91"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References