Details of VAR-201908-1827

ID

VAR-201908-1827

CVE

CVE-2019-10960

TITLE

Zebra Industrial Printer Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2019-008644

DESCRIPTION

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the printer and the printer will respond with an array of information that includes the front panel passcode for the printer. Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel. Zebra Industrial Printer Contains vulnerabilities related to certificate and password management.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2019-10960 // JVNDB: JVNDB-2019-008644 // VULHUB: VHN-142559

AFFECTED PRODUCTS

vendor:	zebra	model:	zt420	scope:	eq	version:	*	Trust: 1.0
vendor:	zebra	model:	zt410	scope:	eq	version:	*	Trust: 1.0
vendor:	zebra	model:	zt230	scope:	eq	version:	*	Trust: 1.0
vendor:	zebra	model:	zt510	scope:	eq	version:	*	Trust: 1.0
vendor:	zebra	model:	zt610	scope:	eq	version:	*	Trust: 1.0
vendor:	zebra	model:	zt620	scope:	eq	version:	*	Trust: 1.0
vendor:	zebra	model:	zt220	scope:	eq	version:	*	Trust: 1.0
vendor:	zebra	model:	220xi4	scope:	eq	version:	*	Trust: 1.0
vendor:	zebra corp	model:	zt220	scope:	-	version:	-	Trust: 0.8
vendor:	zebra corp	model:	zt220xi4	scope:	-	version:	-	Trust: 0.8
vendor:	zebra corp	model:	zt230	scope:	-	version:	-	Trust: 0.8
vendor:	zebra corp	model:	zt410	scope:	-	version:	-	Trust: 0.8
vendor:	zebra corp	model:	zt420	scope:	-	version:	-	Trust: 0.8
vendor:	zebra corp	model:	zt510	scope:	-	version:	-	Trust: 0.8
vendor:	zebra corp	model:	zt610	scope:	-	version:	-	Trust: 0.8
vendor:	zebra corp	model:	zt620	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008644 // NVD: CVE-2019-10960

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-10960
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-10960
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201908-1355
value:	HIGH
Trust: 0.6
VULHUB:	VHN-142559
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-10960
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-142559
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-10960
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-10960
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-142559 // JVNDB: JVNDB-2019-008644 // CNNVD: CNNVD-201908-1355 // NVD: CVE-2019-10960

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.1
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-142559 // JVNDB: JVNDB-2019-008644 // NVD: CVE-2019-10960

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1355

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-1355

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008644

PATCH

title:	Top Page	url:	https://www.zebra.com/us/en.html	Trust: 0.8
title:	Zebra Industrial Printers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=97716	Trust: 0.6

sources: JVNDB: JVNDB-2019-008644 // CNNVD: CNNVD-201908-1355

EXTERNAL IDS

db:	NVD	id:	CVE-2019-10960	Trust: 2.5
db:	ICS CERT	id:	ICSA-19-232-01	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-008644	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-1355	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3183	Trust: 0.6
db:	VULHUB	id:	VHN-142559	Trust: 0.1

sources: VULHUB: VHN-142559 // JVNDB: JVNDB-2019-008644 // CNNVD: CNNVD-201908-1355 // NVD: CVE-2019-10960

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsa-19-232-01	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10960	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10960	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2019.3183/	Trust: 0.6

sources: VULHUB: VHN-142559 // JVNDB: JVNDB-2019-008644 // CNNVD: CNNVD-201908-1355 // NVD: CVE-2019-10960

SOURCES

db:	VULHUB	id:	VHN-142559
db:	JVNDB	id:	JVNDB-2019-008644
db:	CNNVD	id:	CNNVD-201908-1355
db:	NVD	id:	CVE-2019-10960

LAST UPDATE DATE

2024-11-23T22:48:19.213000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-142559	date:	2020-10-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-008644	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1355	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-10960	date:	2024-11-21T04:20:14.350

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-142559	date:	2019-08-20T00:00:00
db:	JVNDB	id:	JVNDB-2019-008644	date:	2019-09-04T00:00:00
db:	CNNVD	id:	CNNVD-201908-1355	date:	2019-08-20T00:00:00
db:	NVD	id:	CVE-2019-10960	date:	2019-08-20T21:15:12.137