// For flags

CVE-2019-19363

Ricoh Printer Drivers - Local Privilege Escalation

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version

Se detectó un problema en los controladores de impresora de Windows de Ricoh (incluidos Savin y Lanier) antes del 2020, que permite a atacantes una escalada de privilegios locales. Los controladores y versiones afectados son: PCL6 Driver para Universal Print- Versión 4.0 o posterior, PS Driver para Universal Print - Versión 4.0 o posterior, PC FAX Generic Driver - Todas las versiones, Generic PCL5 Driver - Todas las versiones, RPCS Driver - Todas las versiones, PostScript3 Driver - Todas las versiones, PCL6 (PCL XL) Driver - todas las versiones, RPCS Raster Driver - todas las versiones.

Ricoh printer drivers for Windows suffer from a local privilege escalation vulnerability due to insecure file permissions. Many versions are affected.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-11-27 CVE Reserved
  • 2020-01-22 First Exploit
  • 2020-01-24 CVE Published
  • 2024-08-05 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ricoh
Search vendor "Ricoh"
Generic Pcl5 Driver
Search vendor "Ricoh" for product "Generic Pcl5 Driver"
--
Affected
Ricoh
Search vendor "Ricoh"
Pc Fax Generic Driver
Search vendor "Ricoh" for product "Pc Fax Generic Driver"
--
Affected
Ricoh
Search vendor "Ricoh"
Pcl6 \(pcl Xl\) Driver
Search vendor "Ricoh" for product "Pcl6 \(pcl Xl\) Driver"
--
Affected
Ricoh
Search vendor "Ricoh"
Pcl6 Driver For Universal Print
Search vendor "Ricoh" for product "Pcl6 Driver For Universal Print"
>= 4.0 < 4.26
Search vendor "Ricoh" for product "Pcl6 Driver For Universal Print" and version " >= 4.0 < 4.26"
-
Affected
Ricoh
Search vendor "Ricoh"
Postscript3 Driver
Search vendor "Ricoh" for product "Postscript3 Driver"
--
Affected
Ricoh
Search vendor "Ricoh"
Ps Driver For Universal Print
Search vendor "Ricoh" for product "Ps Driver For Universal Print"
>= 4.0 < 4.26
Search vendor "Ricoh" for product "Ps Driver For Universal Print" and version " >= 4.0 < 4.26"
-
Affected
Ricoh
Search vendor "Ricoh"
Rpcs Driver
Search vendor "Ricoh" for product "Rpcs Driver"
--
Affected
Ricoh
Search vendor "Ricoh"
Rpcs Raster Driver
Search vendor "Ricoh" for product "Rpcs Raster Driver"
--
Affected