CVE-2019-19363
Ricoh Printer Drivers - Local Privilege Escalation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version
Se detectó un problema en los controladores de impresora de Windows de Ricoh (incluidos Savin y Lanier) antes del 2020, que permite a atacantes una escalada de privilegios locales. Los controladores y versiones afectados son: PCL6 Driver para Universal Print- Versión 4.0 o posterior, PS Driver para Universal Print - Versión 4.0 o posterior, PC FAX Generic Driver - Todas las versiones, Generic PCL5 Driver - Todas las versiones, RPCS Driver - Todas las versiones, PostScript3 Driver - Todas las versiones, PCL6 (PCL XL) Driver - todas las versiones, RPCS Raster Driver - todas las versiones.
Ricoh printer drivers for Windows suffer from a local privilege escalation vulnerability due to insecure file permissions. Many versions are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-27 CVE Reserved
- 2020-01-22 First Exploit
- 2020-01-24 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://jvn.jp/en/jp/JVN15697526/index.html | Third Party Advisory | |
| http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2020/Jan/34 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/47962 | 2020-01-22 | |
| https://www.exploit-db.com/exploits/48036 | 2020-02-10 | |
| http://packetstormsecurity.com/files/156251/Ricoh-Driver-Privilege-Escalation.html | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.ricoh.com/info/2020/0122_1 | 2023-02-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ricoh Search vendor "Ricoh" | Generic Pcl5 Driver Search vendor "Ricoh" for product "Generic Pcl5 Driver" | - | - |
Affected
| ||||||
| Ricoh Search vendor "Ricoh" | Pc Fax Generic Driver Search vendor "Ricoh" for product "Pc Fax Generic Driver" | - | - |
Affected
| ||||||
| Ricoh Search vendor "Ricoh" | Pcl6 \(pcl Xl\) Driver Search vendor "Ricoh" for product "Pcl6 \(pcl Xl\) Driver" | - | - |
Affected
| ||||||
| Ricoh Search vendor "Ricoh" | Pcl6 Driver For Universal Print Search vendor "Ricoh" for product "Pcl6 Driver For Universal Print" | >= 4.0 < 4.26 Search vendor "Ricoh" for product "Pcl6 Driver For Universal Print" and version " >= 4.0 < 4.26" | - |
Affected
| ||||||
| Ricoh Search vendor "Ricoh" | Postscript3 Driver Search vendor "Ricoh" for product "Postscript3 Driver" | - | - |
Affected
| ||||||
| Ricoh Search vendor "Ricoh" | Ps Driver For Universal Print Search vendor "Ricoh" for product "Ps Driver For Universal Print" | >= 4.0 < 4.26 Search vendor "Ricoh" for product "Ps Driver For Universal Print" and version " >= 4.0 < 4.26" | - |
Affected
| ||||||
| Ricoh Search vendor "Ricoh" | Rpcs Driver Search vendor "Ricoh" for product "Rpcs Driver" | - | - |
Affected
| ||||||
| Ricoh Search vendor "Ricoh" | Rpcs Raster Driver Search vendor "Ricoh" for product "Rpcs Raster Driver" | - | - |
Affected
| ||||||