CVE-2019-10960

HIGH

7.5

Beschreibung

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.

CVE Details

CVSS v3.1 Bewertung7.5

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht8/20/2019

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

zebra:220xi4zebra:220xi4_firmwarezebra:zt220zebra:zt220_firmwarezebra:zt230zebra:zt230_firmwarezebra:zt410zebra:zt410_firmwarezebra:zt420zebra:zt420_firmwarezebra:zt510zebra:zt510_firmwarezebra:zt610zebra:zt610_firmwarezebra:zt620zebra:zt620_firmware

Schwachen (CWE)

CWE-522CWE-522

Referenzen

https://www.us-cert.gov/ics/advisories/icsa-19-232-01(ics-cert@hq.dhs.gov)

https://www.us-cert.gov/ics/advisories/icsa-19-232-01(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.