CVE-2014-7895

{"id": "CVE-2014-7895", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-09T17:59:07.453", "references": [{"url": "http://www.securitytracker.com/id/1031840", "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://www.securitytracker.com/id/1031840", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt printers, Value Serial/USB Receipt printers, and USB Standard Duty cash drawers, aka ZDI-CAN-2505."}, {"lang": "es", "value": "Los controladores OLE Point of Sale (OPOS) anterior a 1.13.003 en los PCs de Windows HP Point of Sale permiten a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores que involucran OPOSCashDrawer.ocx para las impresoras PUSB Thermal Receipt, las impresoras SerialUSB Thermal Receipt, las impresoras Hybrid POS con MICR, las impresoras Value PUSB Receipt, las impresoras Value Serial/USB Receipt, y las cajas de efectivo USB Standard Duty, tambi\u00e9n conocido como ZDI-CAN-2505."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3BD6000-9ED7-4A61-A45D-030F2E428404", "versionEndIncluding": "1.13.001"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hp:hybrid_pos_printer_with_micr_us_fk184aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0F273671-0608-424F-8C12-C852C382F07A"}, {"criteria": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_f7m67aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AEE0F849-97C5-4E55-9FB4-36E5C9240ED0"}, {"criteria": "cpe:2.3:h:hp:pusb_thermal_receipt_printer_fk224aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97307E86-5213-440C-8050-36854FC9024C"}, {"criteria": "cpe:2.3:h:hp:serialusb_thermal_receipt_printer_bm476aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8837FF71-C459-4A0B-B19C-7702407EEE43"}, {"criteria": "cpe:2.3:h:hp:usb_standard_duty_cash_drawer_e8e45aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "322D3D82-C273-4A21-AA21-459D8A07CE8B"}, {"criteria": "cpe:2.3:h:hp:value_serial\\/usb_receipt_printer_f7m66aa:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "67D8B24C-6FC3-4443-AD5F-187E0A22FCCC"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "hp-security-alert@hp.com"}