Detections
Analytics
HP DesignJet Accounting.xls Information Disclosure Vulnerability
medium Nessus Plugin ID 124086
Language:
Synopsis
The remote printer is affected by an information disclosure vulnerability.Description
The HP DesignJet printer is affected by an information disclosure vulnerability due to exposure of the accounting.xls file. An unauthenticated, remote attacker can exploit this to disclose printer user names, document titles, and other information on print jobs.Solution
Secure access to the accounting.xls page.Plugin Details
Severity: Medium
ID: 124086
File Name: hp_designjet_accounting_file_disclosure.nasl
Version: 1.1
Type: remote
Family: CGI abuses
Published: 4/16/2019
Updated: 4/16/2019
Supported Sensors: Nessus
Risk Information
CVSS Score Rationale: Based on analysis of the vulnerability.
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: manual
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Information
CPE: x-cpe:/h:hp:designjet
Required KB Items: installed_sw/Embedded HP Server
Exploited by Nessus: true