CVE-2014-7891

{"id": "CVE-2014-7891", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-09T17:59:03.890", "references": [{"url": "http://www.securitytracker.com/id/1031840", "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.securitytracker.com/id/1031840", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSPOSKeyboard.ocx for POS keyboards and POS keyboards with MSR, aka ZDI-CAN-2509."}, {"lang": "es", "value": "Los controladores OLE Point of Sale (OPOS) anterior a 1.13.003 en los PCs de Windows HP Point of Sale permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran OPOSPOSKeyboard.ocx para los teclados POS y los teclados POS con MSR, tambi\u00e9n conocido como ZDI-CAN-2509."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3BD6000-9ED7-4A61-A45D-030F2E428404", "versionEndIncluding": "1.13.001"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:pos_keyboard_fk221aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14D01391-DBDD-40B2-BD61-DAA9408D6ED2"}, {"criteria": "cpe:2.3:h:hp:pos_keyboard_with_msr_fk218aa:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56FD7B00-4A22-4148-AFAE-6A9D07DAF160"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}