Vulnerability Details : CVE-2014-7892
The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSMSR.ocx for Mini MSR magnetic stripe readers, Retail Integrated Dual-Head MSR magnetic stripe readers, Integrated Single Head MSR w/o SRED magnetic stripe readers, Integrated Single Head w/o MSR SRED magnetic stripe readers, RP7 Single Head MSR w/o SRED magnetic stripe readers, POS keyboards, and POS keyboards with MSR, aka ZDI-CAN-2508.
Vulnerability category: Execute code
Products affected by CVE-2014-7892
- cpe:2.3:a:hp:ole_point_of_sale_driver:*:*:*:*:*:*:*:*When used together with: HP » Integrated Single Head Msr W/o Sred J1a33aaWhen used together with: HP » Integrated Single Head W/o Msr Sred J1a34aaWhen used together with: HP » Mini Msr Fk186aaWhen used together with: HP » Retail Integrated Dual-head Msr Qz673aaWhen used together with: HP » Rp7 Single Head Msr W/o Sred K1k15aa
Exploit prediction scoring system (EPSS) score for CVE-2014-7892
95.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7892
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2014-7892
-
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04583185
HP Support for Technical Help and Troubleshooting | HP® Customer Service.Vendor Advisory
-
http://www.securitytracker.com/id/1031840
HP Point of Sale PCs Have Unspecified Bugs That Let Remote Users Execute Arbitrary Code - SecurityTracker
Jump to