Authentication Misconfiguration in HP Multifunction Peripheral Software
CVE-2011-0279

Currently unrated

Key Information:

Vendor: HP
Status: Multifunction Peripheral Digital Sending Software
Vendor: CVE Published:; 7 March 2011

Summary

The HP Multifunction Peripheral Digital Sending Software (DSS) version 4.91.00 is vulnerable due to improper configuration of authentication settings for managed devices within device templates. This misconfiguration can potentially allow unauthorized attackers to access the devices without proper authentication, enabling them to perform actions that should normally require authenticated user credentials.

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na...

vendor-advisoryx_refsource_HP

http://www.vupen.com/english/advisories/2011/0561

vdb-entryx_refsource_VUPEN

https://exchange.xforce.ibmcloud.com/vulnerabilities/65866

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 7, 2011
Vulnerability Reserved
Dec 23, 2010