CVE-2014-7892

The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185	Vendor Advisory
http://www.securitytracker.com/id/1031840

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:hp:pos_keyboard_fk221aa:-:::::::*
	cpe:2.3:h:hp:mini_msr_fk186aa::::::::
	cpe:2.3:h:hp:integrated_single_head_msr_w\/o_sred_j1a33aa::::::::
	cpe:2.3:h:hp:integrated_single_head_w\/o_msr_sred_j1a34aa::::::::
	cpe:2.3:h:hp:rp7_single_head_msr_w\/o_sred_k1k15aa::::::::
	cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:-:::::::*
	cpe:2.3:h:hp:retail_integrated_dual-head_msr_qz673aa::::::::

Information

Published : 2015-03-09 10:59

Updated : 2019-10-09 16:12

NVD link : CVE-2014-7892

Mitre link : CVE-2014-7892

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

hp

pos_keyboard_with_msr_fk218aa
retail_integrated_dual-head_msr_qz673aa
mini_msr_fk186aa
rp7_single_head_msr_w\/o_sred_k1k15aa
integrated_single_head_w\/o_msr_sred_j1a34aa
pos_keyboard_fk221aa
integrated_single_head_msr_w\/o_sred_j1a33aa
ole_point_of_sale_driver

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "name": "SSRT101692", "tags": ["Vendor Advisory"], "refsource": "HP"}, {"url": "http://www.securitytracker.com/id/1031840", "name": "1031840", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-7892", "ASSIGNER": "hp-security-alert@hp.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "acInsufInfo": true, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-03-09T17:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.13.001"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:hp:pos_keyboard_fk221aa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:mini_msr_fk186aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:integrated_single_head_msr_w\\/o_sred_j1a33aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:integrated_single_head_w\\/o_msr_sred_j1a34aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:rp7_single_head_msr_w\\/o_sred_k1k15aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:hp:retail_integrated_dual-head_msr_qz673aa:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-10-09T23:12Z"}