CVE-2014-7891

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id/1031840
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:pos_keyboard_fk221aa::::::::
	cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa::::::::

History

No history.

Information

Published : 2015-03-09 17:59

Updated : 2023-12-10 11:31

NVD link : CVE-2014-7891

Mitre link : CVE-2014-7891

CVE.ORG link : CVE-2014-7891

JSON object : View

Products Affected

hp

ole_point_of_sale_driver
pos_keyboard_fk221aa
pos_keyboard_with_msr_fk218aa

CWE

NVD-CWE-noinfo

{"id": "CVE-2014-7891", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-09T17:59:03.890", "references": [{"url": "http://www.securitytracker.com/id/1031840", "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509."}, {"lang": "es", "value": "Los controladores OLE Point of Sale (OPOS) anterior a 1.13.003 en los PCs de Windows HP Point of Sale permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran OPOSPOSKeyboard.ocx para los teclados POS y los teclados POS con MSR, tambi\u00e9n conocido como ZDI-CAN-2509."}], "lastModified": "2019-10-09T23:12:00.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3BD6000-9ED7-4A61-A45D-030F2E428404", "versionEndIncluding": "1.13.001"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:pos_keyboard_fk221aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14D01391-DBDD-40B2-BD61-DAA9408D6ED2"}, {"criteria": "cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56FD7B00-4A22-4148-AFAE-6A9D07DAF160"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}