All the vulnerabilites related to Ricoh Co., Ltd - Ridoc Ez Installer NX
jvndb-2023-002111
Vulnerability from jvndb
Published
2023-06-15 16:06
Modified
2024-05-23 15:45
Severity ?
Summary
Printer Driver Packager NX creates driver installation packages without modification detection
Details
Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs.
The installation and configuration of printer drivers require an administrative privilege, and a created driver installation package can bundle administrative credentials in encrypted form enabling non-administrative users to install printer drivers without administrator's help.
The driver installation package, created by the affected version of Printer Driver Packager NX, fails to detect its modification (CWE-345) and may spawn an unexpected process with the administrative privilege.
Ricoh Company, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/vu/JVNVU92207133/ | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-30759 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-30759 | |
| Insufficient Verification of Data Authenticity(CWE-345) | https://cwe.mitre.org/data/definitions/345.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Ricoh Co., Ltd | Ridoc Ez Installer NX |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002111.html",
"dc:date": "2024-05-23T15:45+09:00",
"dcterms:issued": "2023-06-15T16:06+09:00",
"dcterms:modified": "2024-05-23T15:45+09:00",
"description": "Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs.\r\nThe installation and configuration of printer drivers require an administrative privilege, and a created driver installation package can bundle administrative credentials in encrypted form enabling non-administrative users to install printer drivers without administrator\u0027s help.\r\n\r\nThe driver installation package, created by the affected version of Printer Driver Packager NX, fails to detect its modification (CWE-345) and may spawn an unexpected process with the administrative privilege.\r\n\r\nRicoh Company, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-002111.html",
"sec:cpe": {
"#text": "cpe:/a:ricoh:ridoc_ez_Installer_nx",
"@product": "Ridoc Ez Installer NX",
"@vendor": "Ricoh Co., Ltd",
"@version": "2.2"
},
"sec:cvss": {
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2023-002111",
"sec:references": [
{
"#text": "https://jvn.jp/en/vu/JVNVU92207133/",
"@id": "JVNVU#92207133",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-30759",
"@id": "CVE-2023-30759",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-30759",
"@id": "CVE-2023-30759",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/345.html",
"@id": "CWE-345",
"@title": "Insufficient Verification of Data Authenticity(CWE-345)"
}
],
"title": "Printer Driver Packager NX creates driver installation packages without modification detection"
}