Description

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.

Classification

CVE ID: CVE-2023-30759

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Ricoh Company, Ltd.

Product: Printer Driver Packager NX

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 14.91% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000048-2023-000001
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2023-000001
https://jvn.jp/en/vu/JVNVU92207133/

Timeline