4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
Local unauthorized access
A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to “Send to e-mail” and other functionality of an HP Multifunction Peripheral (MFP) controlled by the HP Digital Sending Software.
HP has provided a preliminary update to resolve this vulnerability.
The HP MFP Digital Sending Software v4.18.5 update is available using ftp:
Host
|
Account
|
Password
—|—|—
|
sb02532
|
Secure12
Optionally verify the SHA-1 sum.
HP MFP Digital Sending Software v4.18.5 File
|
SHA-1 Sum
—|—
DSS4185.zip
|
ebe6-dbf8-e0e1-6d1d-4c9f-8c06-683b-65d8-b0d6-fb8b
> note:
>
> HP MFP Digital Sending Software v4.18.3 was recommended in rev.1 of this Security Bulletin. That version introduced a defect not related to security. The new defect and the security vulnerability are resolved in v4.18.5.
PRODUCT SPECIFIC INFORMATION
None