CVE-2017-5671 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2017-5671?

CVE-2017-5671 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-5671?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Intermec Pc23 Firmware, Honeywell Intermec Pc42 Firmware, Honeywell Intermec Pc43 Firmware, Honeywell Intermec Pd43 Firmware, Honeywell Intermec Pm23 Firmware.

Vulnerability Description

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Honeywell	Intermec Pc23 Firmware	<= 10.10.011406
Honeywell	Intermec Pc42 Firmware	<= 10.10.011406
Honeywell	Intermec Pc43 Firmware	<= 10.10.011406
Honeywell	Intermec Pd43 Firmware	<= 10.10.011406
Honeywell	Intermec Pm23 Firmware	<= 10.10.011406
Honeywell	Intermec Pm42 Firmware	<= 10.10.011406
Honeywell	Intermec Pm43 Firmware	<= 10.10.011406
Honeywell	Intermec Pc23	-
Honeywell	Intermec Pc42	-
Honeywell	Intermec Pc43	-
Honeywell	Intermec Pd43	-
Honeywell	Intermec Pm23	-
Honeywell	Intermec Pm42	-
Honeywell	Intermec Pm43	-

Related Weaknesses (CWE)

CWE-269

References

http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10Release Notes
http://www.securityfocus.com/bid/97236Third Party AdvisoryVDB Entry
https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jaiExploitPatchThird Party Advisory
https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdfVendor Advisory
https://www.exploit-db.com/exploits/41754/
http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10Release Notes
http://www.securityfocus.com/bid/97236Third Party AdvisoryVDB Entry
https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jaiExploitPatchThird Party Advisory
https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdfVendor Advisory
https://www.exploit-db.com/exploits/41754/

FAQ

What is CVE-2017-5671?

CVE-2017-5671 is a vulnerability with a CVSS score of 8.8 (HIGH). Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which...

How severe is CVE-2017-5671?

CVE-2017-5671 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-5671?

Check the references section above for vendor advisories and patch information. Affected products include: Honeywell Intermec Pc23 Firmware, Honeywell Intermec Pc42 Firmware, Honeywell Intermec Pc43 Firmware, Honeywell Intermec Pd43 Firmware, Honeywell Intermec Pm23 Firmware.