CVE-2015-0839 - The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle

CVE-2015-0839

Summary

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.

References

Vulnerable Configurations

cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*
cpe:2.3:a:hp:linux_imaging_and_printing:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 25-08-2017 - 11:42)
Impact:
Exploitability:

CWE

CWE-320

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	74913
confirm	https://bugs.launchpad.net/hplip/+bug/1432516 https://bugzilla.redhat.com/show_bug.cgi?id=1227252
fedora	FEDORA-2015-11723 FEDORA-2015-11916
mlist	[oss-security] 20150529 [CVE-2015-0839] hp-plugin binary driver verification
ubuntu	USN-2699-1

Last major update

25-08-2017 - 11:42

Published

02-08-2017 - 19:29

Last modified

25-08-2017 - 11:42