|
[Japanese]
|
JVNDB-2024-000061
|
Multiple vulnerabilities in Ricoh Streamline NX PC Client
|
|
Ricoh Streamline NX PC Client provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.
* [ricoh-2024-000004] Improper restriction of communication channel to intended endpoints (CWE-923) - CVE-2024-36252
* [ricoh-2024-000005] Use of hard-coded credentials (CWE-798) - CVE-2024-36480
* [ricoh-2024-000006] Use of potentially dangerous function (CWE-676) - CVE-2024-37124
* [ricoh-2024-000007] Use of potentially dangerous function (CWE-676) - CVE-2024-37387
CVE-2024-36252
Cai, Qi Qi of Siemens China Cybersecurity Testing Center - Shadowless Lab reported this vulnerability to RICOH COMPANY, LTD. and coordinated. After the coordination was completed, RICOH COMPANY, LTD. reported the case to IPA to notify users of the solution through JVN.
CVE-2024-36480, CVE-2024-37124, CVE-2024-37387
Abian Blome of Siemens Energy reported these vulnerabilities to RICOH COMPANY, LTD. and coordinated. After the coordination was completed, RICOH COMPANY, LTD. reported the case to IPA to notify users of the solution through JVN.
|
|
CVSS V3 Severity:
Base Metrics 6.3 (Medium) [IPA Score]
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2024-36252
|
CVSS V3 Severity:
Base Metrics
5.1 (Medium) [IPA Score]
-
Attack Vector: Local
-
Attack Complexity: High
-
Privileges Required: None
-
User Interaction: None
-
Scope: Unchanged
-
Confidentiality Impact: High
-
Integrity Impact: None
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-36480
|
CVSS V3 Severity:
Base Metrics
4.0 (Medium) [IPA Score]
-
Attack Vector: Local
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: None
-
Scope: Unchanged
-
Confidentiality Impact: None
-
Integrity Impact: Low
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-37124
|
CVSS V3 Severity:
Base Metrics
4.0 (Medium) [IPA Score]
-
Attack Vector: Local
-
Attack Complexity: Low
-
Privileges Required: None
-
User Interaction: None
-
Scope: Unchanged
-
Confidentiality Impact: None
-
Integrity Impact: Low
-
Availability Impact: None
The above CVSS base scores have been assigned for CVE-2024-37387
|
|
|
Ricoh Co., Ltd
- RICOH Streamline NX PC Client ver.3.6.x and earlier (CVE-2024-36252)
- RICOH Streamline NX PC Client ver.3.7.2 and earlier (CVE-2024-36480)
- RICOH Streamline NX PC Client ver.3.2.1.19, ver.3.3.1.3, ver.3.3.2.201, ver.3.4.3.1, ver.3.5.1.201 (ver.3.5.1.200op1), ver.3.6.100.53, and ver.3.6.2.1 (CVE-2024-37124, CVE-2024-37387)
|
|
|
* Arbitrary code may be executed on the PC where the product is installed (CVE-2024-36252)
* An attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC. (CVE-2024-36480)
* An attacker may create an arbitrary file in the PC where the product is installed (CVE-2024-37124)
* Files in the PC where the product is installed may be altered (CVE-2024-37387)
|
|
[Update the Software]
Update the software to the latest version by using the appropriate installer for the fixed version according to the information provided by the developer.
For more information, refer to the information provided by the developer.
|
|
Ricoh Co., Ltd
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2024-36252
- CVE-2024-36480
- CVE-2024-37124
- CVE-2024-37387
|
|
- JVN : JVN#00442488
|
|
- [2024/06/18]
Web page was published
|
