CVE-2017-5671
CVSS score: 8.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 / Impact: 6.0
Source: NVD
Description
Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.
Affected (7)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| | Up to 10.10.011406 |
| | Up to 10.10.011406 |
| | Up to 10.10.011406 |
| | Up to 10.10.011406 |
| | Up to 10.10.011406 |
| | Up to 10.10.011406 |
| | Up to 10.10.011406 |

| Running on/with | Platform Versions |
|---|---|
| Honeywell Intermec Pc23 | All versions |
| Honeywell Intermec Pc42 | All versions |
| Honeywell Intermec Pc43 | All versions |
| Honeywell Intermec Pd43 | All versions |
| Honeywell Intermec Pm23 | All versions |
| Honeywell Intermec Pm42 | All versions |
| Honeywell Intermec Pm43 | All versions |