CVE-2014-7892

2015-03-0917:59:04

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

Low

EPSS

0.952

Percentile

99.4%

JSON

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.

Affected configurations

Nvd

Node

hpole_point_of_sale_driverRange≤1.13.001

AND

hpintegrated_single_head_msr_w\/o_sred_j1a33aa

hpintegrated_single_head_w\/o_msr_sred_j1a34aa

hpmini_msr_fk186aa

hppos_keyboard_fk221aaMatch-

hppos_keyboard_with_msr_fk218aaMatch-

hpretail_integrated_dual-head_msr_qz673aa

hprp7_single_head_msr_w\/o_sred_k1k15aa

VendorProductVersionCPE
hpole_point_of_sale_driver*cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*
hpintegrated_single_head_msr_w\/o_sred_j1a33aa*cpe:2.3:h:hp:integrated_single_head_msr_w\/o_sred_j1a33aa:*:*:*:*:*:*:*:*
hpintegrated_single_head_w\/o_msr_sred_j1a34aa*cpe:2.3:h:hp:integrated_single_head_w\/o_msr_sred_j1a34aa:*:*:*:*:*:*:*:*
hpmini_msr_fk186aa*cpe:2.3:h:hp:mini_msr_fk186aa:*:*:*:*:*:*:*:*
hppos_keyboard_fk221aa-cpe:2.3:h:hp:pos_keyboard_fk221aa:-:*:*:*:*:*:*:*
hppos_keyboard_with_msr_fk218aa-cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:-:*:*:*:*:*:*:*
hpretail_integrated_dual-head_msr_qz673aa*cpe:2.3:h:hp:retail_integrated_dual-head_msr_qz673aa:*:*:*:*:*:*:*:*
hprp7_single_head_msr_w\/o_sred_k1k15aa*cpe:2.3:h:hp:rp7_single_head_msr_w\/o_sred_k1k15aa:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	ole_point_of_sale_driver	*	cpe:2.3:a:hp:ole_point_of_sale_driver::::::::
hp	integrated_single_head_msr_w\/o_sred_j1a33aa	*	cpe:2.3:h:hp:integrated_single_head_msr_w\/o_sred_j1a33aa::::::::
hp	integrated_single_head_w\/o_msr_sred_j1a34aa	*	cpe:2.3:h:hp:integrated_single_head_w\/o_msr_sred_j1a34aa::::::::
hp	mini_msr_fk186aa	*	cpe:2.3:h:hp:mini_msr_fk186aa::::::::
hp	pos_keyboard_fk221aa	-	cpe:2.3:h:hp:pos_keyboard_fk221aa:-:::::::*
hp	pos_keyboard_with_msr_fk218aa	-	cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:-:::::::*
hp	retail_integrated_dual-head_msr_qz673aa	*	cpe:2.3:h:hp:retail_integrated_dual-head_msr_qz673aa::::::::
hp	rp7_single_head_msr_w\/o_sred_k1k15aa	*	cpe:2.3:h:hp:rp7_single_head_msr_w\/o_sred_k1k15aa::::::::