ID CVE-2015-0839
Summary The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.
References
Vulnerable Configurations
  • cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*
    cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 25-08-2017 - 11:42)
Impact:
Exploitability:
CWE CWE-320
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 74913
confirm
fedora
  • FEDORA-2015-11723
  • FEDORA-2015-11916
mlist [oss-security] 20150529 [CVE-2015-0839] hp-plugin binary driver verification
ubuntu USN-2699-1
Last major update 25-08-2017 - 11:42
Published 02-08-2017 - 19:29
Back to Top