Lucene search

JpcertCVE-2023-30759

HistoryJun 19, 2023 - 5:15 a.m.

CVE-2023-30759

2023-06-1905:15:09

CWE-345

jpcert

web.nvd.nist.gov

printer driver packager nx

cve-2023-30759

administrative privilege

driver installation

nvd

modification detection

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.

Affected configurations

Nvd

Vulners

Node

ricohprinter_driver_packager_nxRange1.0.02–1.1.26

VendorProductVersionCPE
ricohprinter_driver_packager_nx*cpe:2.3:a:ricoh:printer_driver_packager_nx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ricoh	printer_driver_packager_nx	*	cpe:2.3:a:ricoh:printer_driver_packager_nx::::::::

CNA Affected

[
  {
    "vendor": "Ricoh Company, Ltd.",
    "product": "Printer Driver Packager NX",
    "versions": [
      {
        "version": "v1.0.02 to v1.1.25",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU92207133/

www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001

www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2023-30759