CVE-2023-30759

Published: Jun 19, 2023Modified: Dec 12, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.

Affected (1)

Products: Ricoh: Printer Driver Packager Nx

1 product

Printer Driver Packager Nx

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ricoh Printer Driver Packager Nx	From 1.0.02 to 1.1.26

Related CWEs

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://jvn.jp/en/vu/JVNVU92207133/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001

Source: vultures@jpcert.or.jp

Vendor Advisory

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/vu/JVNVU92207133/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.