Vulnerabilities > CVE-2019-10960 - Credentials Management vulnerability in Zebra products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

zebra

CWE-255

NVD

Published: 2019-08-20

Updated: 2019-10-09

Summary

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.

Vulnerable Configurations

Part	Description	Count
OS	Zebra Zebra Zt610 Firmware * Zebra Zt620 Firmware * Zebra Zt510 Firmware * Zebra Zt410 Firmware * Zebra Zt420 Firmware * Zebra Zt220 Firmware * Zebra Zt230 Firmware * Zebra 220Xi4 Firmware *	8
Hardware	Zebra Zebra Zt610 * Zebra Zt620 * Zebra Zt510 * Zebra Zt410 * Zebra Zt420 * Zebra Zt220 * Zebra Zt230 * Zebra 220Xi4 *	8

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

https://www.us-cert.gov/ics/advisories/icsa-19-232-01