Sign-up

ID

VAR-202001-0522


CVE

CVE-2019-19363


TITLE

plural  Ricoh  Product privilege management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-014437

DESCRIPTION

An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version. plural Ricoh The product contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. are all RICOH printer drivers. Multiple RICOH printer drivers have privilege elevation vulnerabilities. Attackers can use this vulnerability to elevate permissions

Trust: 2.25

sources: NVD: CVE-2019-19363 // JVNDB: JVNDB-2019-014437 // CNVD: CNVD-2020-23475 // VULMON: CVE-2019-19363

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-23475

AFFECTED PRODUCTS

vendor:ricohmodel:pcl6 driver for universal printscope:ltversion:4.26

Trust: 1.0

vendor:ricohmodel:postscript3 driverscope:eqversion: -

Trust: 1.0

vendor:ricohmodel:generic pcl5 driverscope:eqversion: -

Trust: 1.0

vendor:ricohmodel:pc fax generic driverscope:eqversion: -

Trust: 1.0

vendor:ricohmodel:pcl6 \ driverscope:eqversion: -

Trust: 1.0

vendor:ricohmodel:ps driver for universal printscope:gteversion:4.0

Trust: 1.0

vendor:ricohmodel:rpcs raster driverscope:eqversion: -

Trust: 1.0

vendor:ricohmodel:rpcs driverscope:eqversion: -

Trust: 1.0

vendor:ricohmodel:pcl6 driver for universal printscope:gteversion:4.0

Trust: 1.0

vendor:ricohmodel:ps driver for universal printscope:ltversion:4.26

Trust: 1.0

vendor:リコーmodel:generic pcl5 driverscope:eqversion: -

Trust: 0.8

vendor:リコーmodel:pcl6 driverscope:eqversion: -

Trust: 0.8

vendor:リコーmodel:pcl6 driver for universal printscope:eqversion: -

Trust: 0.8

vendor:リコーmodel:pc fax generic driverscope:eqversion: -

Trust: 0.8

vendor:リコーmodel:postscript3 driverscope:eqversion: -

Trust: 0.8

vendor:リコーmodel:ps driver for universal printscope:eqversion: -

Trust: 0.8

vendor:リコーmodel:rpcs driverscope:eqversion: -

Trust: 0.8

vendor:リコーmodel:rpcs raster driverscope:eqversion: -

Trust: 0.8

vendor:ricohmodel:pcl6 driver for universal printscope:lteversion:<=4.0

Trust: 0.6

vendor:ricohmodel:ps driver for universal printscope:lteversion:<=4.0

Trust: 0.6

vendor:ricohmodel:pc fax generic driverscope: - version: -

Trust: 0.6

vendor:ricohmodel:generic pcl5 driverscope: - version: -

Trust: 0.6

vendor:ricohmodel:rpcs driverscope: - version: -

Trust: 0.6

vendor:ricohmodel:postscript3 driverscope: - version: -

Trust: 0.6

vendor:ricohmodel:pcl6 driverscope: - version: -

Trust: 0.6

vendor:ricohmodel:rpcs raster driverscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-23475 // JVNDB: JVNDB-2019-014437 // NVD: CVE-2019-19363

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-19363
value: HIGH

Trust: 1.0

NVD: CVE-2019-19363
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-23475
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202001-1100
value: HIGH

Trust: 0.6

VULMON: CVE-2019-19363
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-19363
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-23475
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-19363
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2019-19363
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-23475 // VULMON: CVE-2019-19363 // JVNDB: JVNDB-2019-014437 // CNNVD: CNNVD-202001-1100 // NVD: CVE-2019-19363

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-014437 // NVD: CVE-2019-19363

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202001-1100

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202001-1100

PATCH

title:Security fix issued to address potential vulnerabilities in some of Ricoh's printer/PC fax driversurl:https://www.ricoh.com/info/2020/0122_1/

Trust: 0.8

title:Patch for Multiple RICOH printer driver privilege escalation vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/214505

Trust: 0.6

title:Multiple Ricoh Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112807

Trust: 0.6

title: - url:https://github.com/Live-Hack-CVE/CVE-2019-19363

Trust: 0.1

title: - url:https://github.com/orgTestCodacy11KRepos110MB/repo-8984-concealed_position

Trust: 0.1

title:concealed_positionurl:https://github.com/jacob-baines/concealed_position

Trust: 0.1

title:windows-privilege-escalationurl:https://github.com/geeksniper/windows-privilege-escalation

Trust: 0.1

sources: CNVD: CNVD-2020-23475 // VULMON: CVE-2019-19363 // JVNDB: JVNDB-2019-014437 // CNNVD: CNNVD-202001-1100

EXTERNAL IDS

db:NVDid:CVE-2019-19363

Trust: 3.1

db:JVNid:JVN15697526

Trust: 2.3

db:JVNDBid:JVNDB-2019-014437

Trust: 2.0

db:PACKETSTORMid:156082

Trust: 1.7

db:PACKETSTORMid:156251

Trust: 1.7

db:EXPLOIT-DBid:48036

Trust: 1.2

db:CNVDid:CNVD-2020-23475

Trust: 0.6

db:CNNVDid:CNNVD-202001-1100

Trust: 0.6

db:VULMONid:CVE-2019-19363

Trust: 0.1

sources: CNVD: CNVD-2020-23475 // VULMON: CVE-2019-19363 // JVNDB: JVNDB-2019-014437 // CNNVD: CNNVD-202001-1100 // NVD: CVE-2019-19363

REFERENCES

url:http://seclists.org/fulldisclosure/2020/jan/34

Trust: 2.5

url:http://packetstormsecurity.com/files/156251/ricoh-driver-privilege-escalation.html

Trust: 1.8

url:https://www.ricoh.com/info/2020/0122_1/

Trust: 1.7

url:http://packetstormsecurity.com/files/156082/ricoh-printer-driver-local-privilege-escalation.html

Trust: 1.7

url:http://jvn.jp/en/jp/jvn15697526/index.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-19363

Trust: 1.4

url:https://www.exploit-db.com/exploits/48036

Trust: 1.2

url:https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-014437.html

Trust: 1.2

url:https://jvn.jp/en/jp/jvn15697526/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/732.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2019-19363

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-23475 // VULMON: CVE-2019-19363 // JVNDB: JVNDB-2019-014437 // CNNVD: CNNVD-202001-1100 // NVD: CVE-2019-19363

CREDITS

Shelby Pace,Metasploit, Pentagrid AG, Alexander Pudwill

Trust: 0.6

sources: CNNVD: CNNVD-202001-1100

SOURCES

db:CNVDid:CNVD-2020-23475
db:VULMONid:CVE-2019-19363
db:JVNDBid:JVNDB-2019-014437
db:CNNVDid:CNNVD-202001-1100
db:NVDid:CVE-2019-19363

LAST UPDATE DATE

2024-11-23T22:21:21.915000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-23475date:2020-04-20T00:00:00
db:VULMONid:CVE-2019-19363date:2023-02-10T00:00:00
db:JVNDBid:JVNDB-2019-014437date:2020-02-17T00:00:00
db:CNNVDid:CNNVD-202001-1100date:2021-01-05T00:00:00
db:NVDid:CVE-2019-19363date:2024-11-21T04:34:38.827

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-23475date:2020-04-20T00:00:00
db:VULMONid:CVE-2019-19363date:2020-01-24T00:00:00
db:JVNDBid:JVNDB-2019-014437date:2020-02-17T00:00:00
db:CNNVDid:CNNVD-202001-1100date:2020-01-24T00:00:00
db:NVDid:CVE-2019-19363date:2020-01-24T18:15:12.567