HP MFP Digital Sending Software 4.9x <= 4.91.21 Local Workflow Metadata Information Disclosure

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains an application affected by a local
information disclosure vulnerability.

Description :

The remote Windows host contains a version of HP MFP Digital Sending
Software version 4.9x that's 4.91.21 or earlier. It is reportedly
affected by a local information disclosure vulnerability that could
result in disclosure of personal information in workflow metadata.

See also :

http://www.securityfocus.com/archive/1/520162/30/0/threaded

Solution :

Install HP MFP Digital Sending Software version 4.20.

Note that, while 4.9x represents a re-architecture of HP MFP Digital
Signing Software 4.20 to enable support for FutureSmart devices, the
only fix HP currently provides is to move to 4.20 from the 4.9x
release branch.

Risk factor :

Low / CVSS Base Score : 1.2
(CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 0.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 56651 ()

Bugtraq ID: 50297

CVE ID: CVE-2011-3163

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now