var-202001-0522
Vulnerability from variot
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version. plural Ricoh The product contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. are all RICOH printer drivers.
Multiple RICOH printer drivers have privilege elevation vulnerabilities. Attackers can use this vulnerability to elevate permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0522",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pcl6 driver for universal print",
"scope": "lt",
"trust": 1.0,
"vendor": "ricoh",
"version": "4.26"
},
{
"model": "postscript3 driver",
"scope": "eq",
"trust": 1.0,
"vendor": "ricoh",
"version": null
},
{
"model": "generic pcl5 driver",
"scope": "eq",
"trust": 1.0,
"vendor": "ricoh",
"version": null
},
{
"model": "pc fax generic driver",
"scope": "eq",
"trust": 1.0,
"vendor": "ricoh",
"version": null
},
{
"model": "pcl6 \\ driver",
"scope": "eq",
"trust": 1.0,
"vendor": "ricoh",
"version": null
},
{
"model": "ps driver for universal print",
"scope": "gte",
"trust": 1.0,
"vendor": "ricoh",
"version": "4.0"
},
{
"model": "rpcs raster driver",
"scope": "eq",
"trust": 1.0,
"vendor": "ricoh",
"version": null
},
{
"model": "rpcs driver",
"scope": "eq",
"trust": 1.0,
"vendor": "ricoh",
"version": null
},
{
"model": "pcl6 driver for universal print",
"scope": "gte",
"trust": 1.0,
"vendor": "ricoh",
"version": "4.0"
},
{
"model": "ps driver for universal print",
"scope": "lt",
"trust": 1.0,
"vendor": "ricoh",
"version": "4.26"
},
{
"model": "generic pcl5 driver",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ea\u30b3\u30fc",
"version": null
},
{
"model": "pcl6 driver",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ea\u30b3\u30fc",
"version": null
},
{
"model": "pcl6 driver for universal print",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ea\u30b3\u30fc",
"version": null
},
{
"model": "pc fax generic driver",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ea\u30b3\u30fc",
"version": null
},
{
"model": "postscript3 driver",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ea\u30b3\u30fc",
"version": null
},
{
"model": "ps driver for universal print",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ea\u30b3\u30fc",
"version": null
},
{
"model": "rpcs driver",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ea\u30b3\u30fc",
"version": null
},
{
"model": "rpcs raster driver",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30ea\u30b3\u30fc",
"version": null
},
{
"model": "pcl6 driver for universal print",
"scope": "lte",
"trust": 0.6,
"vendor": "ricoh",
"version": "\u003c=4.0"
},
{
"model": "ps driver for universal print",
"scope": "lte",
"trust": 0.6,
"vendor": "ricoh",
"version": "\u003c=4.0"
},
{
"model": "pc fax generic driver",
"scope": null,
"trust": 0.6,
"vendor": "ricoh",
"version": null
},
{
"model": "generic pcl5 driver",
"scope": null,
"trust": 0.6,
"vendor": "ricoh",
"version": null
},
{
"model": "rpcs driver",
"scope": null,
"trust": 0.6,
"vendor": "ricoh",
"version": null
},
{
"model": "postscript3 driver",
"scope": null,
"trust": 0.6,
"vendor": "ricoh",
"version": null
},
{
"model": "pcl6 driver",
"scope": null,
"trust": 0.6,
"vendor": "ricoh",
"version": null
},
{
"model": "rpcs raster driver",
"scope": null,
"trust": 0.6,
"vendor": "ricoh",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"db": "NVD",
"id": "CVE-2019-19363"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Shelby Pace,Metasploit, Pentagrid AG, Alexander Pudwill",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1100"
}
],
"trust": 0.6
},
"cve": "CVE-2019-19363",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2019-19363",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-23475",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-19363",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-19363",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-19363",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-19363",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-23475",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-19363",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"db": "VULMON",
"id": "CVE-2019-19363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1100"
},
{
"db": "NVD",
"id": "CVE-2019-19363"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version. plural Ricoh The product contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. are all RICOH printer drivers. \n\r\n\r\nMultiple RICOH printer drivers have privilege elevation vulnerabilities. Attackers can use this vulnerability to elevate permissions",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"db": "VULMON",
"id": "CVE-2019-19363"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19363",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN15697526",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014437",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "156082",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "156251",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "48036",
"trust": 1.2
},
{
"db": "CNVD",
"id": "CNVD-2020-23475",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1100",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-19363",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"db": "VULMON",
"id": "CVE-2019-19363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1100"
},
{
"db": "NVD",
"id": "CVE-2019-19363"
}
]
},
"id": "VAR-202001-0522",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23475"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23475"
}
]
},
"last_update_date": "2024-11-23T22:21:21.915000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security\u00a0fix\u00a0issued\u00a0to\u00a0address\u00a0potential\u00a0vulnerabilities\u00a0in\u00a0some\u00a0of\u00a0Ricoh\u0027s\u00a0printer/PC\u00a0fax\u00a0drivers",
"trust": 0.8,
"url": "https://www.ricoh.com/info/2020/0122_1/"
},
{
"title": "Patch for Multiple RICOH printer driver privilege escalation vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/214505"
},
{
"title": "Multiple Ricoh Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112807"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2019-19363 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/orgTestCodacy11KRepos110MB/repo-8984-concealed_position "
},
{
"title": "concealed_position",
"trust": 0.1,
"url": "https://github.com/jacob-baines/concealed_position "
},
{
"title": "windows-privilege-escalation",
"trust": 0.1,
"url": "https://github.com/geeksniper/windows-privilege-escalation "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"db": "VULMON",
"id": "CVE-2019-19363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.0
},
{
"problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"db": "NVD",
"id": "CVE-2019-19363"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://seclists.org/fulldisclosure/2020/jan/34"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/156251/ricoh-driver-privilege-escalation.html"
},
{
"trust": 1.7,
"url": "https://www.ricoh.com/info/2020/0122_1/"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/156082/ricoh-printer-driver-local-privilege-escalation.html"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn15697526/index.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19363"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/48036"
},
{
"trust": 1.2,
"url": "https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-014437.html"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn15697526/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/732.html"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2019-19363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"db": "VULMON",
"id": "CVE-2019-19363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1100"
},
{
"db": "NVD",
"id": "CVE-2019-19363"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"db": "VULMON",
"id": "CVE-2019-19363"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1100"
},
{
"db": "NVD",
"id": "CVE-2019-19363"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"date": "2020-01-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19363"
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"date": "2020-01-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1100"
},
{
"date": "2020-01-24T18:15:12.567000",
"db": "NVD",
"id": "CVE-2019-19363"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23475"
},
{
"date": "2023-02-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19363"
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014437"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1100"
},
{
"date": "2024-11-21T04:34:38.827000",
"db": "NVD",
"id": "CVE-2019-19363"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Ricoh\u00a0 Product privilege management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014437"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1100"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.