CVE-2019-10960

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.
References
Link Resource
https://www.us-cert.gov/ics/advisories/icsa-19-232-01 Mitigation Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsa-19-232-01 Mitigation Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:zebra:zt610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zebra:zt610:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:zebra:zt620_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zebra:zt620:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:zebra:zt510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zebra:zt510:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:zebra:zt410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zebra:zt410:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:zebra:zt420_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zebra:zt420:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:zebra:zt220_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zebra:zt220:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:zebra:zt230_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zebra:zt230:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:zebra:220xi4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:zebra:220xi4:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:20

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsa-19-232-01 - Mitigation, Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsa-19-232-01 - Mitigation, Third Party Advisory, US Government Resource

Information

Published : 2019-08-20 21:15

Updated : 2024-11-21 04:20


NVD link : CVE-2019-10960

Mitre link : CVE-2019-10960

CVE.ORG link : CVE-2019-10960


JSON object : View

Products Affected

zebra

  • zt220
  • zt620
  • zt230
  • 220xi4_firmware
  • zt620_firmware
  • zt410_firmware
  • zt510_firmware
  • zt610
  • zt510
  • zt410
  • zt230_firmware
  • zt420
  • 220xi4
  • zt220_firmware
  • zt420_firmware
  • zt610_firmware
CWE
CWE-522

Insufficiently Protected Credentials