HP MFP Digital Sending Software 4.91.0 Local Authentication Bypass

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application that is affected by
an authentication bypass vulnerability.

Description :

The remote Windows host contains HP MFP Digital Sending Software
version 4.91.0. This version is potentially affected by an
authentication bypass vulnerability related to device configuration
templates.

A local attacker, exploiting this flaw, reportedly can gain
unauthorized access to functionality of an HP Multifunction Peripheral
(MFP) that is controlled by the HP MFP Digital Sending Software.

Note: the provided solution is needed only if authentication is
required and the previous device configuration template did not
include authentication settings.

See also :

http://www.nessus.org/u?f019df14
http://seclists.org/bugtraq/2011/Mar/57

Solution :

At the time of this writing, the vendor has not provided a patch.
However, the vendor has provided the following workaround:

- Require authentication for all device templates.

- For all devices previously configured via device
  templates, reconfigure the devices with these revised
  templates.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 52614

Bugtraq ID: 46679

CVE ID: CVE-2011-0279
