CVE-2017-5671

Published: 29/03/2017 | Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers prior to 10.11.013310 and 10.12.x prior to 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.

Vulnerable Product

honeywell intermec_pm42_firmware

honeywell intermec_pm43_firmware

honeywell intermec_pm23_firmware

honeywell intermec_pd43_firmware

honeywell intermec_pc42_firmware

honeywell intermec_pc23_firmware

honeywell intermec_pc43_firmware

Exploits

# TITLE: Intermec Industrial Printers Local root with Busybox jailbreak
# Date: March 28th, 2017
# Author: Bourbon Jean-marie (kmkz) from AKERVA company | @kmkz_security
# Product Homepage: www.intermec.com/products/prtrpm43a/
# Firmware download: www.intermec.com/products/prtrpm43a/downloads.aspx
# Tested on : model: ...
Intermec PM43 industrial printer suffers from a privilege escalation vulnerability ...