CVE-2020-5674 - Vulnerability Details

Vendors	Products
Epson	Album Print Color Calibration Utility Colorbase Colorio Easy Print Connect Creativity Suite E-photo Easy Photo Print Easy Settings Ec-01 Ec-01 Firmware Imaging Workshop Link2 Multi-print Quicker Net Config Net Config Se Net Print Net Software Development Kit Photolier Photoquicker Photostarter Pm-t990 Integrated Installer Print Print Image Framer Tool Print Layout Prolab Print Remote Printer Driver Scan Icm Updater Scanner Driver Status Monitor 2 Status Monitor 3 Universal Print Driver Web To Page Webconfig
Microsoft	Windows Windows 98 Windows Me

Link	Providers
https://jvn.jp/en/jp/JVN26835001/index.html
https://www.epson.jp/support/misc_t/201119_oshirase.htm
https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "the installers of multiple SEIKO EPSON products", "vendor": "SEIKO EPSON CORPORATION", "versions": [{"status": "affected", "version": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."}], "problemTypes": [{"descriptions": [{"description": "Untrusted search path vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-24T06:55:23", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://jvn.jp/en/jp/JVN26835001/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2020-5674", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "the installers of multiple SEIKO EPSON products", "version": {"version_data": [{"version_value": "A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software"}]}}]}, "vendor_name": "SEIKO EPSON CORPORATION"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Untrusted search path vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.epson.jp/support/misc_t/201119_oshirase.htm", "refsource": "MISC", "url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"}, {"name": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf", "refsource": "MISC", "url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"}, {"name": "https://jvn.jp/en/jp/JVN26835001/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN26835001/index.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.452Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN26835001/index.html"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2020-5674", "datePublished": "2020-11-24T06:55:23", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2024-08-04T08:39:25.452Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : the installers of multiple SEIKO EPSON products (string)

vendor : SEIKO EPSON CORPORATION (string)

versions : [ »

0 : { »

status : affected (string)

version : A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Untrusted search path vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-11-24T06:55:23 (string)

orgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

shortName : jpcert (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.epson.jp/support/misc_t/201119_oshirase.htm (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://jvn.jp/en/jp/JVN26835001/index.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : vultures@jpcert.or.jp (string)

ID : CVE-2020-5674 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : the installers of multiple SEIKO EPSON products (string)

version : { »

version_data : [ »

0 : { »

version_value : A wide range of versions for the following products are affected -- Epson Web Installer, EPSON printer drivers, EPSON scanner drivers, EPSON Scan ICM Updaters, EPSON Printer Window!3, EPSON Printer Window!2 Firmware update programs, Network configuration utilities, Network print port monitors, Printer monitor SDK, Colorio series, Large-size printer related software, Laser printers, Copy station related software, Dot impact printer related software, Disk duplicator related software, CRYSTARIO related software, SureLab related software, Offirio Synergyware related software, Scanner related software, Digital cameras and Photo viewers related software, Projector related software, and PULSENSE and WristableGPS related software (string)

}

]

}

]

}

vendor_name : SEIKO EPSON CORPORATION (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Untrusted search path vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.epson.jp/support/misc_t/201119_oshirase.htm (string)

refsource : MISC (string)

url : https://www.epson.jp/support/misc_t/201119_oshirase.htm (string)

}

1 : { »

name : https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf (string)

refsource : MISC (string)

url : https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf (string)

}

2 : { »

name : https://jvn.jp/en/jp/JVN26835001/index.html (string)

refsource : MISC (string)

url : https://jvn.jp/en/jp/JVN26835001/index.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T08:39:25.452Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.epson.jp/support/misc_t/201119_oshirase.htm (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://jvn.jp/en/jp/JVN26835001/index.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : ede6fdc4-6654-4307-a26d-3331c018e2ce (string)

assignerShortName : jpcert (string)

cveId : CVE-2020-5674 (string)

datePublished : 2020-11-24T06:55:23 (string)

dateReserved : 2020-01-06T00:00:00 (string)

dateUpdated : 2024-08-04T08:39:25.452Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:epson:album_print:-:*:*:*:*:update_program:*:*", "matchCriteriaId": "48F91F47-D4DB-43A9-85FC-98A52D4656D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:color_calibration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "94EE867A-EE2E-469B-875F-B2E11F6508F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:colorbase:-:*:*:*:*:*:*:*", "matchCriteriaId": "AAEFA568-7007-466B-8746-B8AC1B2E74AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:colorio_easy_print:-:*:*:*:*:*:*:*", "matchCriteriaId": "805121F0-EE95-411B-9D8F-217DE202DB4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:connect:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB25B1B2-6766-4FF5-BA83-AF4579DE905F", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:creativity_suite:-:*:*:*:*:*:*:*", "matchCriteriaId": "41CB4CD9-7A73-4EB5-A22B-EE46C2315732", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:e-photo:-:*:*:*:*:camera_raw:*:*", "matchCriteriaId": "37FF3D98-82FB-4E87-BB64-371D64811C83", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:e-photo:-:*:*:*:*:picture_motion_browser:*:*", "matchCriteriaId": "893E9653-D468-4BF5-9F32-E7CAF9C655AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:-:*:*", "matchCriteriaId": "D0FCC3A3-9E02-4CAA-A8B8-B7CA0084D672", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:camera_raw:*:*", "matchCriteriaId": "1287AFA1-D572-469D-852C-F2C39798EEB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:easy_settings:-:*:*:*:*:office:*:*", "matchCriteriaId": "3914291A-AF9C-4B97-AF99-FF9BC47961B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:imaging_workshop:-:*:*:*:*:*:*:*", "matchCriteriaId": "757A2598-DFFB-42CC-AF5B-74B54F73FC15", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:link2:-:*:*:*:*:*:*:*", "matchCriteriaId": "4D953E72-77C9-4AD2-9499-03511311E2DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:multi-print_quicker:-:*:*:*:*:windows:*:*", "matchCriteriaId": "68D2A328-0A73-4071-B39A-EC70C43FB03B", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:net_config:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B9942B4-5EE6-46E3-B9A7-4DAB9DEC868D", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:net_config_se:-:*:*:*:*:*:*:*", "matchCriteriaId": "C9148DA8-7E6C-4B68-B0BF-6C30E6AA2E03", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:net_print:-:*:*:*:*:*:*:*", "matchCriteriaId": "DAFEB911-0397-4598-9125-83B42DF82300", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:net_software_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "8C0A183B-3EAB-4CB1-A92C-29814E884FFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:photolier:-:*:*:*:*:*:*:*", "matchCriteriaId": "EEAD9BB8-5FC8-4A6E-BA04-0376D2B3829D", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:photoquicker:-:*:*:*:*:*:*:*", "matchCriteriaId": "22864077-BA06-48E7-92C4-804C07540D81", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:photostarter:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "21AF90FB-DC56-4D6D-9B3A-3BD9831B71E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:pm-t990_integrated_installer:-:*:*:*:*:windows:*:*", "matchCriteriaId": "3FAED136-5494-4BAC-86C2-FD78BAAB99C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:playmemories_home:*:*", "matchCriteriaId": "5D975A2B-4A9A-4112-804E-572258A950E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:silkypix:*:*", "matchCriteriaId": "6ACD4EF0-3737-40D3-9241-62F62A42C210", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:print:-:*:*:*:*:viewnx:*:*", "matchCriteriaId": "7C1D5774-AB44-4FBE-BE76-A1163E2FE229", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*", "matchCriteriaId": "23A7DDCC-139F-49DA-B934-E516ABEC39B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:print_layout:-:*:*:*:*:photoshop:*:*", "matchCriteriaId": "E239E07B-97BE-497E-8E23-E7360597CF15", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:prolab_print:-:*:*:*:*:*:*:*", "matchCriteriaId": "12C98ECC-AD46-4FA6-8EE5-3D8D40513095", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:prolab_print:-:*:*:*:*:camera_raw:*:*", "matchCriteriaId": "3FAA6D17-1E9A-4A03-8180-1E3F4C9DB3CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:remote_printer_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9D6E33D-8034-4D1F-96EF-F77D5263DAA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:scan_icm_updater:-:*:*:*:*:*:*:*", "matchCriteriaId": "C67751C5-8A62-4EC1-84B3-0F6D8F7168B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:scanner_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "21033145-DAB6-479E-972E-D4E06F043D81", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:web_to_page:-:*:*:*:*:*:*:*", "matchCriteriaId": "C039FA52-ACEA-4173-9DA5-A79E824D164C", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:webconfig:-:*:*:*:*:*:*:*", "matchCriteriaId": "621D2404-C063-4DEC-BD2D-65B01B4BC74A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:epson:universal_print_driver:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D9EFF20-1E2F-45C9-8395-3D8CF1067357", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*", "matchCriteriaId": "82132539-3C34-4B63-BE2A-F51077D8BC5A", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:*", "matchCriteriaId": "60366048-32FE-4081-A852-04319FD7A52C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:epson:status_monitor_2:-:*:*:*:*:*:*:*", "matchCriteriaId": "52E77D28-30B0-459E-B121-5D6D381CFB44", "vulnerable": true}, {"criteria": "cpe:2.3:a:epson:status_monitor_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "0852ABB9-5632-471A-BE1B-A0DBF08DF706", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:epson:ec-01_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "638E1D59-4F3E-4D51-B9D8-02A438B028B3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:epson:ec-01:-:*:*:*:*:*:*:*", "matchCriteriaId": "A73DE5CB-AFB3-4622-8F87-4842858B8A41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:*", "matchCriteriaId": "23A7DDCC-139F-49DA-B934-E516ABEC39B2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:*", "matchCriteriaId": "40FC681A-7B85-4495-8DCC-C459FE7E2F13", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E44D629-D3EB-4F67-BF67-B25910453562", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."}, {"lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en los instaladores de m\u00faltiples productos SEIKO EPSON, permite a un atacante alcanzar privilegios por medio de una DLL de tipo caballo de Troya en un directorio no especificado"}], "id": "CVE-2020-5674", "lastModified": "2024-11-21T05:34:27.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-24T07:15:11.937", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN26835001/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN26835001/index.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.epson.jp/support/misc_t/201119_oshirase.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:epson:album_print:-:*:*:*:*:update_program:*:* (string)

matchCriteriaId : 48F91F47-D4DB-43A9-85FC-98A52D4656D6 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:epson:color_calibration_utility:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 94EE867A-EE2E-469B-875F-B2E11F6508F9 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:epson:colorbase:-:*:*:*:*:*:*:* (string)

matchCriteriaId : AAEFA568-7007-466B-8746-B8AC1B2E74AF (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:epson:colorio_easy_print:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 805121F0-EE95-411B-9D8F-217DE202DB4C (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:epson:connect:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DB25B1B2-6766-4FF5-BA83-AF4579DE905F (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:epson:creativity_suite:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 41CB4CD9-7A73-4EB5-A22B-EE46C2315732 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:epson:e-photo:-:*:*:*:*:camera_raw:*:* (string)

matchCriteriaId : 37FF3D98-82FB-4E87-BB64-371D64811C83 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:epson:e-photo:-:*:*:*:*:picture_motion_browser:*:* (string)

matchCriteriaId : 893E9653-D468-4BF5-9F32-E7CAF9C655AF (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:-:*:* (string)

matchCriteriaId : D0FCC3A3-9E02-4CAA-A8B8-B7CA0084D672 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:epson:easy_photo_print:-:*:*:*:*:camera_raw:*:* (string)

matchCriteriaId : 1287AFA1-D572-469D-852C-F2C39798EEB4 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:epson:easy_settings:-:*:*:*:*:office:*:* (string)

matchCriteriaId : 3914291A-AF9C-4B97-AF99-FF9BC47961B8 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:epson:imaging_workshop:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 757A2598-DFFB-42CC-AF5B-74B54F73FC15 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:epson:link2:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4D953E72-77C9-4AD2-9499-03511311E2DE (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:epson:multi-print_quicker:-:*:*:*:*:windows:*:* (string)

matchCriteriaId : 68D2A328-0A73-4071-B39A-EC70C43FB03B (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:epson:net_config:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 4B9942B4-5EE6-46E3-B9A7-4DAB9DEC868D (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:epson:net_config_se:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C9148DA8-7E6C-4B68-B0BF-6C30E6AA2E03 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:epson:net_print:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DAFEB911-0397-4598-9125-83B42DF82300 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:epson:net_software_development_kit:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 8C0A183B-3EAB-4CB1-A92C-29814E884FFB (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:epson:photolier:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EEAD9BB8-5FC8-4A6E-BA04-0376D2B3829D (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:epson:photoquicker:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 22864077-BA06-48E7-92C4-804C07540D81 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:epson:photostarter:3.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 21AF90FB-DC56-4D6D-9B3A-3BD9831B71E6 (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:epson:pm-t990_integrated_installer:-:*:*:*:*:windows:*:* (string)

matchCriteriaId : 3FAED136-5494-4BAC-86C2-FD78BAAB99C3 (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:epson:print:-:*:*:*:*:playmemories_home:*:* (string)

matchCriteriaId : 5D975A2B-4A9A-4112-804E-572258A950E7 (string)

vulnerable : true (boolean)

}

23 : { »

criteria : cpe:2.3:a:epson:print:-:*:*:*:*:silkypix:*:* (string)

matchCriteriaId : 6ACD4EF0-3737-40D3-9241-62F62A42C210 (string)

vulnerable : true (boolean)

}

24 : { »

criteria : cpe:2.3:a:epson:print:-:*:*:*:*:viewnx:*:* (string)

matchCriteriaId : 7C1D5774-AB44-4FBE-BE76-A1163E2FE229 (string)

vulnerable : true (boolean)

}

25 : { »

criteria : cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 23A7DDCC-139F-49DA-B934-E516ABEC39B2 (string)

vulnerable : true (boolean)

}

26 : { »

criteria : cpe:2.3:a:epson:print_layout:-:*:*:*:*:photoshop:*:* (string)

matchCriteriaId : E239E07B-97BE-497E-8E23-E7360597CF15 (string)

vulnerable : true (boolean)

}

27 : { »

criteria : cpe:2.3:a:epson:prolab_print:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 12C98ECC-AD46-4FA6-8EE5-3D8D40513095 (string)

vulnerable : true (boolean)

}

28 : { »

criteria : cpe:2.3:a:epson:prolab_print:-:*:*:*:*:camera_raw:*:* (string)

matchCriteriaId : 3FAA6D17-1E9A-4A03-8180-1E3F4C9DB3CD (string)

vulnerable : true (boolean)

}

29 : { »

criteria : cpe:2.3:a:epson:remote_printer_driver:-:*:*:*:*:*:*:* (string)

matchCriteriaId : F9D6E33D-8034-4D1F-96EF-F77D5263DAA3 (string)

vulnerable : true (boolean)

}

30 : { »

criteria : cpe:2.3:a:epson:scan_icm_updater:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C67751C5-8A62-4EC1-84B3-0F6D8F7168B2 (string)

vulnerable : true (boolean)

}

31 : { »

criteria : cpe:2.3:a:epson:scanner_driver:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 21033145-DAB6-479E-972E-D4E06F043D81 (string)

vulnerable : true (boolean)

}

32 : { »

criteria : cpe:2.3:a:epson:web_to_page:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C039FA52-ACEA-4173-9DA5-A79E824D164C (string)

vulnerable : true (boolean)

}

33 : { »

criteria : cpe:2.3:a:epson:webconfig:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 621D2404-C063-4DEC-BD2D-65B01B4BC74A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:epson:universal_print_driver:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D9EFF20-1E2F-45C9-8395-3D8CF1067357 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:* (string)

matchCriteriaId : 82132539-3C34-4B63-BE2A-F51077D8BC5A (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x86:* (string)

matchCriteriaId : 60366048-32FE-4081-A852-04319FD7A52C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:epson:status_monitor_2:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 52E77D28-30B0-459E-B121-5D6D381CFB44 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:epson:status_monitor_3:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 0852ABB9-5632-471A-BE1B-A0DBF08DF706 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A2572D17-1DE6-457B-99CC-64AFD54487EA (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:epson:ec-01_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 638E1D59-4F3E-4D51-B9D8-02A438B028B3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:epson:ec-01:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A73DE5CB-AFB3-4622-8F87-4842858B8A41 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:epson:print_image_framer_tool:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 23A7DDCC-139F-49DA-B934-E516ABEC39B2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:microsoft:windows_98:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 40FC681A-7B85-4495-8DCC-C459FE7E2F13 (string)

vulnerable : false (boolean)

}

1 : { »

criteria : cpe:2.3:o:microsoft:windows_me:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 5E44D629-D3EB-4F67-BF67-B25910453562 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de ruta de búsqueda no confiable en los instaladores de múltiples productos SEIKO EPSON, permite a un atacante alcanzar privilegios por medio de una DLL de tipo caballo de Troya en un directorio no especificado (string)

}

]

id : CVE-2020-5674 (string)

lastModified : 2024-11-21T05:34:27.477 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:L/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.4 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 7.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-11-24T07:15:11.937 (string)

references : [ »

0 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://jvn.jp/en/jp/JVN26835001/index.html (string)

}

1 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.epson.jp/support/misc_t/201119_oshirase.htm (string)

}

2 : { »

source : vultures@jpcert.or.jp (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://jvn.jp/en/jp/JVN26835001/index.html (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.epson.jp/support/misc_t/201119_oshirase.htm (string)

}

5 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.epson.jp/support/pdf/fy20-001_softwareList_20201106_b.pdf (string)

}

]

sourceIdentifier : vultures@jpcert.or.jp (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-427 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object