CVE-2023-30759

high

Description

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.

References

https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001

https://jvn.jp/en/vu/JVNVU92207133/

Details

Source: Mitre, NVD

Published: 2023-06-19

Updated: 2023-06-27

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High