CVE-2023-30759

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
jpcertCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.4 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
ricohprinter_driver_packager_nx
1.0.02 ≤
𝑥
< 1.1.26
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://jvn.jp/en/vu/JVNVU92207133/
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001
https://jvn.jp/en/vu/JVNVU92207133/
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001