Main Vulnerability Database Vulnerabilities #VU77474

Insufficient verification of data authenticity in Printer Driver Packager NX - CVE-2023-30759

Published: June 16, 2023

Vulnerability identifier: #VU77474

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-30759

CWE-ID: CWE-345

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: RICOH COMPANY, LTD.

Affected software:
Printer Driver Packager NX

Detailed vulnerability description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists due to the driver installation package fails to detect its modification and may spawn an unexpected process with the administrative privilege. A local user can execute arbitrary program with the administrative privilege.

How to mitigate CVE-2023-30759

Install updates from vendor's website.

Sources

https://jvn.jp/en/vu/JVNVU92207133/index.html
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001

Insufficient verification of data authenticity in Printer Driver Packager NX - CVE-2023-30759

Detailed vulnerability description

How to mitigate CVE-2023-30759

Sources

Please verify you're human