Untrusted Search Path Vulnerability in Device Software Manager by Ricoh
CVE-2022-36403

7.8HIGH

Key Information:

Vendor: Ricoh Company, Ltd.
Status: Installer Of Device Software Manager
Vendor: CVE Published:; 8 September 2022

🔔 Create Ricoh Company, Ltd. Vulnerability Alert

What is CVE-2022-36403?

An untrusted search path vulnerability exists in the installer of Device Software Manager versions before 2.20.3.0, which can be exploited by attackers. This vulnerability enables the potential for privilege escalation through the execution of a Trojan horse DLL located in an unspecified directory. Attackers can manipulate the installer to gain unauthorized access, posing significant risks to system integrity and data security.

Affected Version(s)

Installer of Device Software Manager prior to Ver.2.20.3.0

References

https://www.ricoh.com/software/dev_soft_manager

x_refsource_MISC

https://jvn.jp/en/jp/JVN44721267/index.html

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2022
Vulnerability Reserved
Aug 15, 2022