JVNVU#92207133
Printer Driver Packager NX creates driver installation packages without modification detection
Overview
Printer Driver Packager NX provided by Ricoh Company, Ltd. creates a driver installation package which fails to detect its modification.
Products Affected
- Printer Driver Packager NX v1.0.02 to v1.1.25
Description
Printer Driver Packager NX provided by Ricoh Company, Ltd. is a tool to create driver installation packages. A driver installation package is used to install and configure printer drivers on the target PCs.
The installation and configuration of printer drivers require an administrative privilege, and a created driver installation package can bundle administrative credentials in encrypted form enabling non-administrative users to install printer drivers without administrator's help.
The driver installation package, created by the affected version of Printer Driver Packager NX, fails to detect its modification (CWE-345) and may spawn an unexpected process with the administrative privilege.
Impact
If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
Solution
Update the software and re-create installation packages
Update the affected Printer Driver Packager NX to the latest version and re-create driver installation packages, according to the information provided by the developer.
The developer has released Printer Driver Packager NX v1.1.26 that addresses this vulnerability.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Comment
The analysis assumes that a non-administrative user modifies the installation package and runs it on the target PC.
Credit
Ricoh Company, Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2023-30759 |
| JVN iPedia |
|