CVE-2022-36443

An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
zebraenterprise_home_screen
4.1.19
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://excellium-services.com/cert-xlm-advisory/CVE-2022-36443
https://www.zebra.com/us/en/products/software/mobile-computers/mobile-app-utilities/enterprise-home-screen.html
https://excellium-services.com/cert-xlm-advisory/CVE-2022-36443
https://www.zebra.com/us/en/products/software/mobile-computers/mobile-app-utilities/enterprise-home-screen.html