HP MFP Digital Sending Software 4.91.0 Local Authentication Bypass
Low Nessus Plugin ID 52614
SynopsisThe remote Windows host contains an application that is affected by an authentication bypass vulnerability.
DescriptionThe remote Windows host contains HP MFP Digital Sending Software version 4.91.0. This version is potentially affected by an authentication bypass vulnerability related to device configuration templates.
A local attacker, exploiting this flaw, reportedly can gain unauthorized access to functionality of an HP Multifunction Peripheral (MFP) that is controlled by the HP MFP Digital Sending Software.
Note: the provided solution is needed only if authentication is required and the previous device configuration template did not include authentication settings.
SolutionAt the time of this writing, a patch has not been provided by the vendor. However, a workaround has been provided by the vendor:
- Require authentication for all device templates.
- For all devices previously configured via device templates, reconfigure the devices with these revised templates.