HP MFP Digital Sending Software 4.91.0 Local Authentication Bypass

Low Nessus Plugin ID 52614


The remote Windows host contains an application that is affected by an authentication bypass vulnerability.


The remote Windows host contains HP MFP Digital Sending Software version 4.91.0. This version is potentially affected by an authentication bypass vulnerability related to device configuration templates.

A local attacker, exploiting this flaw, reportedly can gain unauthorized access to functionality of an HP Multifunction Peripheral (MFP) that is controlled by the HP MFP Digital Sending Software.

Note: the provided solution is needed only if authentication is required and the previous device configuration template did not include authentication settings.


At the time of this writing, a patch has not been provided by the vendor. However, a workaround has been provided by the vendor:

- Require authentication for all device templates.

- For all devices previously configured via device templates, reconfigure the devices with these revised templates.

See Also



Plugin Details

Severity: Low

ID: 52614

File Name: hp_mfp_dss_4_91_0.nasl

Version: $Revision: 1.7 $

Type: local

Agent: windows

Family: Windows

Published: 2011/03/10

Modified: 2016/12/21

Dependencies: 46675

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.7

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:hp:multifunction_peripheral_digital_sending_software

Required KB Items: SMB/HP_MFP_DSS/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/03/02

Vulnerability Publication Date: 2011/03/02

Reference Information

CVE: CVE-2011-0279

BID: 46679

OSVDB: 75048

Secunia: 43618