HP Product Security Response TeamHP:C02161624HPSBPI02532 SSRT100111 rev.3 - HP MFP Digital Sending Software Running on Windows, Local Unauthorized Access
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
Potential Security Impact
Local unauthorized access
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to “Send to e-mail” and other functionality of an HP Multifunction Peripheral (MFP) controlled by the HP Digital Sending Software.
RESOLUTION
HP has provided a preliminary update to resolve this vulnerability.
The HP MFP Digital Sending Software v4.18.5 update is available using ftp:
Host
|
Account
|
Password
—|—|—
|
sb02532
|
Secure12
Optionally verify the SHA-1 sum.
HP MFP Digital Sending Software v4.18.5 File
|
SHA-1 Sum
—|—
DSS4185.zip
|
ebe6-dbf8-e0e1-6d1d-4c9f-8c06-683b-65d8-b0d6-fb8b
> note:
>
> HP MFP Digital Sending Software v4.18.3 was recommended in rev.1 of this Security Bulletin. That version introduced a defect not related to security. The new defect and the security vulnerability are resolved in v4.18.5.
PRODUCT SPECIFIC INFORMATION
None
Related
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N