CVE-2019-10960

HIGH

7.5

Description

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.

CVE Details

CVSS v3.1 Score7.5

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published8/20/2019

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

zebra:220xi4zebra:220xi4_firmwarezebra:zt220zebra:zt220_firmwarezebra:zt230zebra:zt230_firmwarezebra:zt410zebra:zt410_firmwarezebra:zt420zebra:zt420_firmwarezebra:zt510zebra:zt510_firmwarezebra:zt610zebra:zt610_firmwarezebra:zt620zebra:zt620_firmware

Weaknesses (CWE)

CWE-522CWE-522

References

https://www.us-cert.gov/ics/advisories/icsa-19-232-01(ics-cert@hq.dhs.gov)

https://www.us-cert.gov/ics/advisories/icsa-19-232-01(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.