CVE-2011-0279

HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly configure authentication settings of managed devices within device templates, which allows attackers to access these devices via actions that were intended to require authentication.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Multifunction_peripheral_digital_sending_software	Hp	4.91.00 (including)	4.91.00 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02738104
http://secunia.com/advisories/43618
http://www.securityfocus.com/bid/46679
http://www.securitytracker.com/id?1025155
http://www.vupen.com/english/advisories/2011/0561
https://exchange.xforce.ibmcloud.com/vulnerabilities/65866

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0279
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References