CVE-2019-10960

EPSS 0.16%
Published 20.08.2019 21:15:12
Last modified 21.11.2024 04:20:14
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zebra ≫ Zt610 Firmware

Zebra ≫ Zt610

Zebra ≫ Zt620 Firmware

Zebra ≫ Zt620

Zebra ≫ Zt510 Firmware

Zebra ≫ Zt510

Zebra ≫ Zt410 Firmware

Zebra ≫ Zt410

Zebra ≫ Zt420 Firmware

Zebra ≫ Zt420

Zebra ≫ Zt220 Firmware

Zebra ≫ Zt220

Zebra ≫ Zt230 Firmware

Zebra ≫ Zt230

Zebra ≫ 220xi4 Firmware

Zebra ≫ 220xi4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.378

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.us-cert.gov/ics/advisories/icsa-19-232-01

Third Party Advisory

US Government Resource

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2019-10960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-10960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-10960

EUVD