CVE-2014-7890

2015-03-0917:59:02

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.952

Percentile

99.4%

JSON

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSToneIndicator.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2510.

Affected configurations

Nvd

Node

hpole_point_of_sale_driverRange≤1.13.001

AND

hppos_keyboard_fk221aa

hppos_keyboard_with_msr_fk218aa

VendorProductVersionCPE
hpole_point_of_sale_driver*cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*
hppos_keyboard_fk221aa*cpe:2.3:h:hp:pos_keyboard_fk221aa:*:*:*:*:*:*:*:*
hppos_keyboard_with_msr_fk218aa*cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	ole_point_of_sale_driver	*	cpe:2.3:a:hp:ole_point_of_sale_driver::::::::
hp	pos_keyboard_fk221aa	*	cpe:2.3:h:hp:pos_keyboard_fk221aa::::::::
hp	pos_keyboard_with_msr_fk218aa	*	cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa::::::::