Search
Find a vulnerability
Search criteria
2 vulnerabilities found for printer_driver_packager_nx by ricoh
CVE-2023-30759 (GCVE-0-2023-30759)
Vulnerability from nvd – Published: 2023-06-19 00:00 – Updated: 2024-12-12 20:28
VLAI
Summary
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Insufficient Verification of Data Authenticity
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ricoh Company, Ltd. | Printer Driver Packager NX |
Affected:
v1.0.02 to v1.1.25
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92207133/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T20:25:41.882070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T20:28:30.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Printer Driver Packager NX",
"vendor": "Ricoh Company, Ltd.",
"versions": [
{
"status": "affected",
"version": "v1.0.02 to v1.1.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-19T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92207133/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-30759",
"datePublished": "2023-06-19T00:00:00.000Z",
"dateReserved": "2023-05-11T00:00:00.000Z",
"dateUpdated": "2024-12-12T20:28:30.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30759 (GCVE-0-2023-30759)
Vulnerability from cvelistv5 – Published: 2023-06-19 00:00 – Updated: 2024-12-12 20:28
VLAI
Summary
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Insufficient Verification of Data Authenticity
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ricoh Company, Ltd. | Printer Driver Packager NX |
Affected:
v1.0.02 to v1.1.25
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92207133/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T20:25:41.882070Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T20:28:30.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Printer Driver Packager NX",
"vendor": "Ricoh Company, Ltd.",
"versions": [
{
"status": "affected",
"version": "v1.0.02 to v1.1.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-19T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001"
},
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92207133/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-30759",
"datePublished": "2023-06-19T00:00:00.000Z",
"dateReserved": "2023-05-11T00:00:00.000Z",
"dateUpdated": "2024-12-12T20:28:30.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}