QwikSec

Security Database

CVE

CWE

Training

CVE-2017-5671

Published: Mar 29, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

http://apps.intermec.com/downloads/eps_download/Firmware%20Release%20Notes%20x10_11_013310.pdf

x_refsource_CONFIRM

https://akerva.com/blog/intermec-industrial-printers-local-root-with-busybox-jailbreak/

x_refsource_MISC

vdb-entry

x_refsource_BID

https://github.com/kmkz/exploit/blob/master/CVE-2017-5671-Credits.pdf

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.