Headline

CVE-2022-36403: Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries

Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

2 years ago

CVE

Open in Source

#vulnerability #windows #auth

Published:2022/08/29 Last Updated:2022/08/29

Overview

Installer of Device Software Manager provided by RICOH COMPANY, LTD. may insecurely load Dynamic Link Libraries.

Products Affected

Installer of Device Software Manager prior to Ver.2.20.3.0

Description

Installer of Device Software Manager provided by RICOH COMPANY, LTD. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

Impact

Arbitrary code may be executed with the privilege of the user invoking the installer.

Solution

Use the latest installer
Use the latest installer provided by the developer.
Users who already have installed the software do not need to re-install, because this issue affects the installers only.

Vendor Status

References

Japan Vulnerability Notes JVNTA#91240916
Insecure DLL Loading and Command Execution Issues on Many Windows Application Programs

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector(AV)

Physical §

Local (L)

Adjacent (A)

Network (N)

Attack Complexity(AC)

High (H)

Low (L)

Privileges Required(PR)

High (H)

Low (L)

None (N)

User Interaction(UI)

Required ®

None (N)

Scope(S)

Unchanged (U)

Changed ©

Confidentiality Impact©

None (N)

Low (L)

High (H)

Integrity Impact(I)

None (N)

Low (L)

High (H)

Availability Impact(A)

None (N)

Low (L)

High (H)

CVSS v2 AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector(AV)

Local (L)

Adjacent Network (A)

Network (N)

Access Complexity(AC)

High (H)

Medium (M)

Low (L)

Authentication(Au)

Multiple (M)

Single (S)

None (N)

Confidentiality Impact©

None (N)

Partial §

Complete ©

Integrity Impact(I)

None (N)

Partial §

Complete ©

Availability Impact(A)

None (N)

Partial §

Complete ©

Credit

Tomohisa Hasegawa of Canon IT Solutions Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago