{ "id": "CVE-2020-5674", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2020-11-24T07:15:11.937", "lastModified": "2021-07-21T11:39:23.747", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." }, { "lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en los instaladores de m\u00faltiples productos SEIKO EPSON, permite a un atacante alcanzar privilegios por medio de una DLL de tipo caballo de Troya en un directorio no especificado" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 4.4 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-427" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:epson:album_print:-:*:*:*:*:update_program:*:*", "matchCriteriaId": "48F91F47-D4DB-43A9-85FC-98A52D4656D6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:color_calibration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "94EE867A-EE2E-469B-875F-B2E11F6508F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:colorbase:-:*:*:*:*:*:*:*", "matchCriteriaId": "AAEFA568-7007-466B-8746-B8AC1B2E74AF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:colorio_easy_print:-:*:*:*:*:*:*:*", "matchCriteriaId": "805121F0-EE95-411B-9D8F-217DE202DB4C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:connect:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB25B1B2-6766-4FF5-BA83-AF4579DE905F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:creativity_suite:-:*:*:*:*:*:*:*", "matchCriteriaId": "41CB4CD9-7A73-4EB5-A22B-EE46C2315732" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:e-photo:-:*:*:*:*:camera_raw:*:*", "matchCriteriaId": "37FF3D98-82FB-4E87-BB64-371D64811C83" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:e-photo:-:*:*:*:*:picture_motion_browser:*:*", "matchCriteriaId": "893E9653-D468-4BF5-9F32-E7CAF9C655AF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:-:*:*", "matchCriteriaId": "D0FCC3A3-9E02-4CAA-A8B8-B7CA0084D672" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:camera_raw:*:*", "matchCriteriaId": "1287AFA1-D572-469D-852C-F2C39798EEB4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:easy_settings:-:*:*:*:*:office:*:*", "matchCriteriaId": "3914291A-AF9C-4B97-AF99-FF9BC47961B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:imaging_workshop:-:*:*:*:*:*:*:*", "matchCriteriaId": "757A2598-DFFB-42CC-AF5B-74B54F73FC15" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:link2:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D953E72-77C9-4AD2-9499-03511311E2DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:multi-print_quicker:-:*:*:*:*:windows:*:*", "matchCriteriaId": "68D2A328-0A73-4071-B39A-EC70C43FB03B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:net_config:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B9942B4-5EE6-46E3-B9A7-4DAB9DEC868D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:net_config_se:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9148DA8-7E6C-4B68-B0BF-6C30E6AA2E03" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:net_print:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAFEB911-0397-4598-9125-83B42DF82300" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:net_software_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C0A183B-3EAB-4CB1-A92C-29814E884FFB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:photolier:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEAD9BB8-5FC8-4A6E-BA04-0376D2B3829D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:photoquicker:-:*:*:*:*:*:*:*", "matchCriteriaId": "22864077-BA06-48E7-92C4-804C07540D81" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:photostarter:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "21AF90FB-DC56-4D6D-9B3A-3BD9831B71E6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:pm-t990_integrated_installer:-:*:*:*:*:windows:*:*", "matchCriteriaId": "3FAED136-5494-4BAC-86C2-FD78BAAB99C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:playmemories_home:*:*", "matchCriteriaId": "5D975A2B-4A9A-4112-804E-572258A950E7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:silkypix:*:*", "matchCriteriaId": "6ACD4EF0-3737-40D3-9241-62F62A42C210" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:viewnx:*:*", "matchCriteriaId": "7C1D5774-AB44-4FBE-BE76-A1163E2FE229" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*", "matchCriteriaId": "23A7DDCC-139F-49DA-B934-E516ABEC39B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:print_layout:-:*:*:*:*:photoshop:*:*", "matchCriteriaId": "E239E07B-97BE-497E-8E23-E7360597CF15" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:prolab_print:-:*:*:*:*:*:*:*", "matchCriteriaId": "12C98ECC-AD46-4FA6-8EE5-3D8D40513095" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:prolab_print:-:*:*:*:*:camera_raw:*:*", "matchCriteriaId": "3FAA6D17-1E9A-4A03-8180-1E3F4C9DB3CD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:remote_printer_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9D6E33D-8034-4D1F-96EF-F77D5263DAA3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:scan_icm_updater:-:*:*:*:*:*:*:*", "matchCriteriaId": "C67751C5-8A62-4EC1-84B3-0F6D8F7168B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:scanner_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "21033145-DAB6-479E-972E-D4E06F043D81" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:web_to_page:-:*:*:*:*:*:*:*", "matchCriteriaId": "C039FA52-ACEA-4173-9DA5-A79E824D164C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:webconfig:-:*:*:*:*:*:*:*", "matchCriteriaId": "621D2404-C063-4DEC-BD2D-65B01B4BC74A" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:epson:universal_print_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D9EFF20-1E2F-45C9-8395-3D8CF1067357" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*", "matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A" }, { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*", "matchCriteriaId": "60366048-32FE-4081-A852-04319FD7A52C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:epson:status_monitor_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "52E77D28-30B0-459E-B121-5D6D381CFB44" }, { "vulnerable": true, "criteria": "cpe:2.3:a:epson:status_monitor_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "0852ABB9-5632-471A-BE1B-A0DBF08DF706" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:epson:ec-01_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "638E1D59-4F3E-4D51-B9D8-02A438B028B3" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:epson:ec-01:-:*:*:*:*:*:*:*", "matchCriteriaId": "A73DE5CB-AFB3-4622-8F87-4842858B8A41" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*", "matchCriteriaId": "23A7DDCC-139F-49DA-B934-E516ABEC39B2" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*", "matchCriteriaId": "40FC681A-7B85-4495-8DCC-C459FE7E2F13" }, { "vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E44D629-D3EB-4F67-BF67-B25910453562" } ] } ] } ], "references": [ { "url": "https://jvn.jp/en/jp/JVN26835001/index.html", "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ] }, { "url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm", "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ] }, { "url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf", "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ] } ] }