CVE-2017-5671
Published Mar 29, 2017
Last updated 5 years ago
Overview
- Description
- Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 6
- Exploitability score
- 2
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-269
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:honeywell:intermec_pc23:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A76805C2-7081-40D3-8400-CF71AD00F897"
},
{
"criteria": "cpe:2.3:h:honeywell:intermec_pc42:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "65750656-5AF7-4E3B-A0CE-EC1B1C784A4E"
},
{
"criteria": "cpe:2.3:h:honeywell:intermec_pc43:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "77BAFBC9-F93C-40FE-94EB-563B75C96942"
},
{
"criteria": "cpe:2.3:h:honeywell:intermec_pd43:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "691EEB28-DA89-4CE8-AB35-50AA05662230"
},
{
"criteria": "cpe:2.3:h:honeywell:intermec_pm23:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "34989BBF-1E3C-4636-90A0-C603DAEE8DE4"
},
{
"criteria": "cpe:2.3:h:honeywell:intermec_pm42:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9C0A4C6C-4858-4856-9599-8A7F980C6E1E"
},
{
"criteria": "cpe:2.3:h:honeywell:intermec_pm43:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "AD95F008-3D2C-4E2C-978A-C101441CBE91"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:honeywell:intermec_pc23_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "122F856E-E8E7-4BFB-AA97-E3C50D811E12",
"versionEndIncluding": "10.10.011406"
},
{
"criteria": "cpe:2.3:o:honeywell:intermec_pc42_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A2FDF1F-B7BF-492D-8FFB-8D40B805DC17",
"versionEndIncluding": "10.10.011406"
},
{
"criteria": "cpe:2.3:o:honeywell:intermec_pc43_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60E5DE7C-9B42-4125-A019-02B3B5499DFD",
"versionEndIncluding": "10.10.011406"
},
{
"criteria": "cpe:2.3:o:honeywell:intermec_pd43_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5018410C-9B51-460B-B237-761C4549E314",
"versionEndIncluding": "10.10.011406"
},
{
"criteria": "cpe:2.3:o:honeywell:intermec_pm23_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16D913D8-C155-4F08-B341-72A986D7D29D",
"versionEndIncluding": "10.10.011406"
},
{
"criteria": "cpe:2.3:o:honeywell:intermec_pm42_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF398612-ACC6-4D8E-8DE0-1354FF98F68F",
"versionEndIncluding": "10.10.011406"
},
{
"criteria": "cpe:2.3:o:honeywell:intermec_pm43_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "278B804E-9E20-40D3-BF11-80FB2CB7DE35",
"versionEndIncluding": "10.10.011406"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]