cvelistv5 - CVE-2019-19363

CVE-2019-19363 (GCVE-0-2019-19363)

Vulnerability from cvelistv5

Published

2020-01-24 17:12

Modified

2024-08-05 02:16

Severity ?

CWE

Summary

An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version

References

URL

Tags

cve@mitre.org	http://jvn.jp/en/jp/JVN15697526/index.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Jan/34	Mailing List, Third Party Advisory
cve@mitre.org	https://www.ricoh.com/info/2020/0122_1/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN15697526/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Jan/34	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ricoh.com/info/2020/0122_1/	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:16:47.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/info/2020/0122_1/"
          },
          {
            "name": "20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Jan/34"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
          },
          {
            "name": "JVN#15697526",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN15697526/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-25T04:06:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ricoh.com/info/2020/0122_1/"
        },
        {
          "name": "20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Jan/34"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
        },
        {
          "name": "JVN#15697526",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN15697526/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19363",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ricoh.com/info/2020/0122_1/",
              "refsource": "CONFIRM",
              "url": "https://www.ricoh.com/info/2020/0122_1/"
            },
            {
              "name": "20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Jan/34"
            },
            {
              "name": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
            },
            {
              "name": "JVN#15697526",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN15697526/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-19363",
    "datePublished": "2020-01-24T17:12:18",
    "dateReserved": "2019-11-27T00:00:00",
    "dateUpdated": "2024-08-05T02:16:47.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-19363\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-01-24T18:15:12.567\",\"lastModified\":\"2024-11-21T04:34:38.827\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en los controladores de impresora de Windows de Ricoh (incluidos Savin y Lanier) antes del 2020, que permite a atacantes una escalada de privilegios locales. Los controladores y versiones afectados son: PCL6 Driver para Universal Print- Versi\u00f3n 4.0 o posterior, PS Driver para Universal Print - Versi\u00f3n 4.0 o posterior, PC FAX Generic Driver - Todas las versiones, Generic PCL5 Driver - Todas las versiones, RPCS Driver - Todas las versiones, PostScript3 Driver - Todas las versiones, PCL6 (PCL XL) Driver - todas las versiones, RPCS Raster Driver - todas las versiones.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ricoh:generic_pcl5_driver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B4CBC30-D148-4BC5-86E8-36F17A874C06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ricoh:pc_fax_generic_driver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAD0D112-FC13-4670-89BC-951E7A894925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ricoh:pcl6_\\\\(pcl_xl\\\\)_driver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44A6EE83-D4A9-4B8D-BE87-E8AD480FDDC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ricoh:pcl6_driver_for_universal_print:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.26\",\"matchCriteriaId\":\"DB1EA20A-2303-454B-A041-765419E838FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ricoh:postscript3_driver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BDFCBF0-FA62-49FA-883D-7446846C90E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ricoh:ps_driver_for_universal_print:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.26\",\"matchCriteriaId\":\"AC6D8875-0B50-4B82-ADB5-D7F5BDF821DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ricoh:rpcs_driver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C950938B-0D95-40D4-B46C-913D7FE31C5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ricoh:rpcs_raster_driver:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F963700-ECFB-467F-A7FB-26071DC52B95\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN15697526/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Jan/34\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.ricoh.com/info/2020/0122_1/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://jvn.jp/en/jp/JVN15697526/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2020/Jan/34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.ricoh.com/info/2020/0122_1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CVE-2019-19363

Vulnerability from jvndb

Published

2020-02-25 15:29

Modified

2020-02-25 15:29

Severity ?

7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Privilege escalation vulnerability in multiple RICOH printer drivers

Details

Multiple RICOH printer drivers contain a privilege escalation vulnerability. RICOH COMPANY, LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and [Name of company/Organization] coordinated under the Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN15697526/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19363
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-19363
	Related document	https://seclists.org/fulldisclosure/2020/Jan/34
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Ricoh Co., Ltd	Generic PCL5 Driver
	Ricoh Co., Ltd	PCL6 (PCL XL) Driver
	Ricoh Co., Ltd	PCL6 Driver for Universal Print
	Ricoh Co., Ltd	PC FAX Generic Driver
	Ricoh Co., Ltd	PostScript3 Driver
	Ricoh Co., Ltd	PS Driver for Universal Print
	Ricoh Co., Ltd	RPCS Driver
	Ricoh Co., Ltd	RPCS Raster Driver

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014437.html",
  "dc:date": "2020-02-25T15:29+09:00",
  "dcterms:issued": "2020-02-25T15:29+09:00",
  "dcterms:modified": "2020-02-25T15:29+09:00",
  "description": "Multiple RICOH printer drivers contain a privilege escalation vulnerability.\r\n\r\nRICOH COMPANY, LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and [Name of company/Organization] coordinated under the Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014437.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:ricoh:generic_pcl5_driver",
      "@product": "Generic PCL5 Driver",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ricoh:pcl6_%28pcl_xl%29_driver",
      "@product": "PCL6 (PCL XL) Driver",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ricoh:pcl6_driver_for_universal_print",
      "@product": "PCL6 Driver for Universal Print",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ricoh:pc_fax_generic_driver",
      "@product": "PC FAX Generic Driver",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ricoh:postscript3_driver",
      "@product": "PostScript3 Driver",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ricoh:ps_driver_for_universal_print",
      "@product": "PS Driver for Universal Print",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ricoh:rpcs_driver",
      "@product": "RPCS Driver",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ricoh:rpcs_raster_driver",
      "@product": "RPCS Raster Driver",
      "@vendor": "Ricoh Co., Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2019-014437",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN15697526/index.html",
      "@id": "JVN#15697526",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19363",
      "@id": "CVE-2019-19363",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-19363",
      "@id": "CVE-2019-19363",
      "@source": "NVD"
    },
    {
      "#text": "https://seclists.org/fulldisclosure/2020/Jan/34",
      "@id": "CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows",
      "@source": "Related document"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Privilege escalation vulnerability in multiple RICOH printer drivers"
}

gsd-2019-19363

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-19363

Aliases

CVE-2019-19363

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-19363",
    "description": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version",
    "id": "GSD-2019-19363",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2019-19363"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-19363"
      ],
      "details": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version",
      "id": "GSD-2019-19363",
      "modified": "2023-12-13T01:23:53.697933Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-19363",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ricoh.com/info/2020/0122_1/",
            "refsource": "CONFIRM",
            "url": "https://www.ricoh.com/info/2020/0122_1/"
          },
          {
            "name": "20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Jan/34"
          },
          {
            "name": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
          },
          {
            "name": "JVN#15697526",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN15697526/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ricoh:ps_driver_for_universal_print:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.26",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ricoh:pcl6_driver_for_universal_print:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.26",
                "versionStartIncluding": "4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ricoh:rpcs_driver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ricoh:postscript3_driver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ricoh:pcl6_\\(pcl_xl\\)_driver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ricoh:pc_fax_generic_driver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ricoh:generic_pcl5_driver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ricoh:rpcs_raster_driver:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-19363"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ricoh.com/info/2020/0122_1/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.ricoh.com/info/2020/0122_1/"
            },
            {
              "name": "20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Jan/34"
            },
            {
              "name": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
            },
            {
              "name": "JVN#15697526",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvn.jp/en/jp/JVN15697526/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-10T16:59Z",
      "publishedDate": "2020-01-24T18:15Z"
    }
  }
}

cnvd-2020-23475

Vulnerability from cnvd

Title

多个RICOH打印机驱动程序权限提升漏洞

Description

Generic PCL5 Driver、PC FAX Generic Driver、PCL6 (PCL XL) Driver等都是RICOH打印机驱动程序。多个RICOH打印机驱动程序存在权限提升漏洞。攻击者可利用该漏洞提升权限。

Severity

中

Patch Name

多个RICOH打印机驱动程序权限提升漏洞的补丁

Patch Description

Generic PCL5 Driver、PC FAX Generic Driver、PCL6 (PCL XL) Driver等都是RICOH打印机驱动程序。多个RICOH打印机驱动程序存在权限提升漏洞。攻击者可利用该漏洞提升权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://www.ricoh.com/info/2020/0122_1/

Reference

https://jvn.jp/en/jp/JVN15697526/ https://www.exploit-db.com/exploits/48036 https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014437.html

Impacted products

Name
['Ricoh PCL6 Driver for Universal Print <=4.0', 'Ricoh PS Driver for Universal Print <=4.0', 'Ricoh PC FAX Generic Driver', 'Ricoh Generic PCL5 Driver', 'Ricoh RPCS Driver', 'Ricoh PostScript3 Driver', 'Ricoh PCL6 (PCL XL) Driver', 'Ricoh RPCS Raster Driver']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-19363"
    }
  },
  "description": "Generic PCL5 Driver\u3001PC FAX Generic Driver\u3001PCL6 (PCL XL) Driver\u7b49\u90fd\u662fRICOH\u6253\u5370\u673a\u9a71\u52a8\u7a0b\u5e8f\u3002\n\n\u591a\u4e2aRICOH\u6253\u5370\u673a\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.ricoh.com/info/2020/0122_1/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-23475",
  "openTime": "2020-04-20",
  "patchDescription": "Generic PCL5 Driver\u3001PC FAX Generic Driver\u3001PCL6 (PCL XL) Driver\u7b49\u90fd\u662fRICOH\u6253\u5370\u673a\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\n\u591a\u4e2aRICOH\u6253\u5370\u673a\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u4e2aRICOH\u6253\u5370\u673a\u9a71\u52a8\u7a0b\u5e8f\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ricoh PCL6 Driver for Universal Print \u003c=4.0",
      "Ricoh PS Driver for Universal Print \u003c=4.0",
      "Ricoh PC FAX Generic Driver",
      "Ricoh Generic PCL5 Driver",
      "Ricoh RPCS Driver",
      "Ricoh PostScript3 Driver",
      "Ricoh PCL6 (PCL XL) Driver",
      "Ricoh RPCS Raster Driver"
    ]
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN15697526/\r\nhttps://www.exploit-db.com/exploits/48036\r\nhttps://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-014437.html",
  "serverity": "\u4e2d",
  "submitTime": "2020-02-25",
  "title": "\u591a\u4e2aRICOH\u6253\u5370\u673a\u9a71\u52a8\u7a0b\u5e8f\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

var-202001-0522

Vulnerability from variot

Multiple RICOH printer drivers have privilege elevation vulnerabilities. Attackers can use this vulnerability to elevate permissions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-0522",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pcl6 driver for universal print",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "4.26"
      },
      {
        "model": "postscript3 driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "generic pcl5 driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "pc fax generic driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "pcl6 \\ driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "ps driver for universal print",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "4.0"
      },
      {
        "model": "rpcs raster driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "rpcs driver",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "pcl6 driver for universal print",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "4.0"
      },
      {
        "model": "ps driver for universal print",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "ricoh",
        "version": "4.26"
      },
      {
        "model": "generic pcl5 driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ea\u30b3\u30fc",
        "version": null
      },
      {
        "model": "pcl6 driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ea\u30b3\u30fc",
        "version": null
      },
      {
        "model": "pcl6 driver for universal print",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ea\u30b3\u30fc",
        "version": null
      },
      {
        "model": "pc fax generic driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ea\u30b3\u30fc",
        "version": null
      },
      {
        "model": "postscript3 driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ea\u30b3\u30fc",
        "version": null
      },
      {
        "model": "ps driver for universal print",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ea\u30b3\u30fc",
        "version": null
      },
      {
        "model": "rpcs driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ea\u30b3\u30fc",
        "version": null
      },
      {
        "model": "rpcs raster driver",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "\u30ea\u30b3\u30fc",
        "version": null
      },
      {
        "model": "pcl6 driver for universal print",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "\u003c=4.0"
      },
      {
        "model": "ps driver for universal print",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "ricoh",
        "version": "\u003c=4.0"
      },
      {
        "model": "pc fax generic driver",
        "scope": null,
        "trust": 0.6,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "generic pcl5 driver",
        "scope": null,
        "trust": 0.6,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "rpcs driver",
        "scope": null,
        "trust": 0.6,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "postscript3 driver",
        "scope": null,
        "trust": 0.6,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "pcl6 driver",
        "scope": null,
        "trust": 0.6,
        "vendor": "ricoh",
        "version": null
      },
      {
        "model": "rpcs raster driver",
        "scope": null,
        "trust": 0.6,
        "vendor": "ricoh",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19363"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Shelby Pace,Metasploit, Pentagrid AG, Alexander Pudwill",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-19363",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2019-19363",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CNVD-2020-23475",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2019-19363",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-19363",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-19363",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-19363",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2020-23475",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202001-1100",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-19363",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19363"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version. plural Ricoh The product contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. are all RICOH printer drivers. \n\r\n\r\nMultiple RICOH printer drivers have privilege elevation vulnerabilities. Attackers can use this vulnerability to elevate permissions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-19363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19363"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-19363",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN15697526",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "156082",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "156251",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "48036",
        "trust": 1.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19363",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19363"
      }
    ]
  },
  "id": "VAR-202001-0522",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      }
    ],
    "trust": 1.2666667
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "IoT"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:21:21.915000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security\u00a0fix\u00a0issued\u00a0to\u00a0address\u00a0potential\u00a0vulnerabilities\u00a0in\u00a0some\u00a0of\u00a0Ricoh\u0027s\u00a0printer/PC\u00a0fax\u00a0drivers",
        "trust": 0.8,
        "url": "https://www.ricoh.com/info/2020/0122_1/"
      },
      {
        "title": "Patch for Multiple RICOH printer driver privilege escalation vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/214505"
      },
      {
        "title": "Multiple Ricoh Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112807"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2019-19363 "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/orgTestCodacy11KRepos110MB/repo-8984-concealed_position "
      },
      {
        "title": "concealed_position",
        "trust": 0.1,
        "url": "https://github.com/jacob-baines/concealed_position "
      },
      {
        "title": "windows-privilege-escalation",
        "trust": 0.1,
        "url": "https://github.com/geeksniper/windows-privilege-escalation "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.0
      },
      {
        "problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19363"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2020/jan/34"
      },
      {
        "trust": 1.8,
        "url": "http://packetstormsecurity.com/files/156251/ricoh-driver-privilege-escalation.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.ricoh.com/info/2020/0122_1/"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/156082/ricoh-printer-driver-local-privilege-escalation.html"
      },
      {
        "trust": 1.7,
        "url": "http://jvn.jp/en/jp/jvn15697526/index.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19363"
      },
      {
        "trust": 1.2,
        "url": "https://www.exploit-db.com/exploits/48036"
      },
      {
        "trust": 1.2,
        "url": "https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-014437.html"
      },
      {
        "trust": 0.6,
        "url": "https://jvn.jp/en/jp/jvn15697526/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/732.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-19363"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19363"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-19363"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-19363"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-19363"
      },
      {
        "date": "2020-02-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "date": "2020-01-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      },
      {
        "date": "2020-01-24T18:15:12.567000",
        "db": "NVD",
        "id": "CVE-2019-19363"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-04-20T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2020-23475"
      },
      {
        "date": "2023-02-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-19363"
      },
      {
        "date": "2020-02-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      },
      {
        "date": "2021-01-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      },
      {
        "date": "2024-11-21T04:34:38.827000",
        "db": "NVD",
        "id": "CVE-2019-19363"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0Ricoh\u00a0 Product privilege management vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-014437"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202001-1100"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2019-19363

Vulnerability from fkie_nvd

Published

2020-01-24 18:15

Modified

2024-11-21 04:34

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://jvn.jp/en/jp/JVN15697526/index.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html	Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://seclists.org/fulldisclosure/2020/Jan/34	Mailing List, Third Party Advisory
cve@mitre.org	https://www.ricoh.com/info/2020/0122_1/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN15697526/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Jan/34	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.ricoh.com/info/2020/0122_1/	Vendor Advisory

Impacted products

Vendor	Product	Version
ricoh	generic_pcl5_driver	-
ricoh	pc_fax_generic_driver	-
ricoh	pcl6_\(pcl_xl\)_driver	-
ricoh	pcl6_driver_for_universal_print	*
ricoh	postscript3_driver	-
ricoh	ps_driver_for_universal_print	*
ricoh	rpcs_driver	-
ricoh	rpcs_raster_driver	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ricoh:generic_pcl5_driver:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B4CBC30-D148-4BC5-86E8-36F17A874C06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ricoh:pc_fax_generic_driver:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD0D112-FC13-4670-89BC-951E7A894925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ricoh:pcl6_\\(pcl_xl\\)_driver:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "44A6EE83-D4A9-4B8D-BE87-E8AD480FDDC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ricoh:pcl6_driver_for_universal_print:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB1EA20A-2303-454B-A041-765419E838FC",
              "versionEndExcluding": "4.26",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ricoh:postscript3_driver:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDFCBF0-FA62-49FA-883D-7446846C90E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ricoh:ps_driver_for_universal_print:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC6D8875-0B50-4B82-ADB5-D7F5BDF821DD",
              "versionEndExcluding": "4.26",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ricoh:rpcs_driver:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C950938B-0D95-40D4-B46C-913D7FE31C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ricoh:rpcs_raster_driver:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F963700-ECFB-467F-A7FB-26071DC52B95",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version"
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en los controladores de impresora de Windows de Ricoh (incluidos Savin y Lanier) antes del 2020, que permite a atacantes una escalada de privilegios locales. Los controladores y versiones afectados son: PCL6 Driver para Universal Print- Versi\u00f3n 4.0 o posterior, PS Driver para Universal Print - Versi\u00f3n 4.0 o posterior, PC FAX Generic Driver - Todas las versiones, Generic PCL5 Driver - Todas las versiones, RPCS Driver - Todas las versiones, PostScript3 Driver - Todas las versiones, PCL6 (PCL XL) Driver - todas las versiones, RPCS Raster Driver - todas las versiones."
    }
  ],
  "id": "CVE-2019-19363",
  "lastModified": "2024-11-21T04:34:38.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-24T18:15:12.567",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN15697526/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jan/34"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ricoh.com/info/2020/0122_1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN15697526/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jan/34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ricoh.com/info/2020/0122_1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-88hc-87fj-j5x4

Vulnerability from github

Published

2022-05-24 17:07

Modified

2023-02-10 18:30

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-19363"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-24T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version",
  "id": "GHSA-88hc-87fj-j5x4",
  "modified": "2023-02-10T18:30:30Z",
  "published": "2022-05-24T17:07:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-19363"
    },
    {
      "type": "WEB",
      "url": "https://www.ricoh.com/info/2020/0122_1"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN15697526/index.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Jan/34"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-19363 (GCVE-0-2019-19363)

Vulnerability from cvelistv5

CVE-2019-19363

Vulnerability from jvndb

gsd-2019-19363

Vulnerability from gsd

cnvd-2020-23475

Vulnerability from cnvd

var-202001-0522

Vulnerability from variot

fkie_cve-2019-19363

Vulnerability from fkie_nvd

ghsa-88hc-87fj-j5x4

Vulnerability from github

Tags

Sightings

Nomenclature