HP DesignJet Accounting.xls Information Disclosure Vulnerability

medium Nessus Plugin ID 124086

Synopsis

The remote printer is affected by an information disclosure vulnerability.

Description

The HP DesignJet printer is affected by an information disclosure vulnerability due to exposure of the accounting.xls file. An unauthenticated, remote attacker can exploit this to disclose printer user names, document titles, and other information on print jobs.

Solution

Secure access to the accounting.xls page.

Plugin Details

Severity: Medium

ID: 124086

File Name: hp_designjet_accounting_file_disclosure.nasl

Version: 1.1

Type: remote

Family: CGI abuses

Published: 4/16/2019

Updated: 4/16/2019

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Based on analysis of the vulnerability.

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: x-cpe:/h:hp:designjet

Required KB Items: installed_sw/Embedded HP Server

Exploited by Nessus: true