CVE-2022-36403

HIGH

Device Software Manager <2.20.3.0 - Privilege Escalation

Title source: llm

Description

Untrusted search path vulnerability in the installer of Device Software Manager prior to Ver.2.20.3.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

References (2)

[Product] https://www.ricoh.com/software/dev_soft_manager

[Third Party Advisory] https://jvn.jp/en/jp/JVN44721267/index.html

Scores

CVSS v3 7.8

EPSS 0.0007

EPSS Percentile 20.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-426

Status published

Products (1)

ricoh/device_software_manager < 2.20.3.0

Published Sep 08, 2022

Tracked Since Feb 18, 2026