SB2019082102 - Information disclosure in Zebra Industrial Printers
Published: August 21, 2019
Security Bulletin ID
SB2019082102
Severity
Low
Patch available
NO
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Insufficiently protected credentials (CVE-ID: CVE-2019-10960)
The vulnerability allows a remote attacker to access the front control panel passcode of the affected device.
The vulnerability exists due to insufficiently protected credentials in the affected device. A remote attacker can send a specially crafted packets to a port on the printer and retrieve a front control panel passcode.
Note: Once the passcode is retrieved, an attacker must have physical access to the front panel of the printer to enter the passcode to access the full functionality of the front panel.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.