Lucene search

[email protected]CVE-2018-16185

HistoryJan 09, 2019 - 11:29 p.m.

CVE-2018-16185

2019-01-0923:29:04

CWE-20

[email protected]

web.nvd.nist.gov

cve-2018-16185

ricoh

interactive whiteboard

d2200

d5500

d5510

d5520

d6500

d6510

d7500

d8400

remote code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.

Affected configurations

NVD

Node

ricohd2200Match-

AND

ricohd2200_firmwareRange1.1–2.2

Node

ricohd5500Match-

AND

ricohd5500_firmwareRange1.1–2.2

Node

ricohd5510Match-

AND

ricohd5510_firmwareRange1.1–2.2

Node

ricohd5520Match-

AND

ricohd5520_firmwareRange1.1–2.2

ricohd5520_firmwareRange3.0–3.1.10137.0

Node

ricohd6500Match-

AND

ricohd6500_firmwareRange1.1–2.2

Node

ricohd6510_firmwareRange1.1–2.2

ricohd6510_firmwareRange3.0–3.1.10137.0

AND

ricohd6510Match-

Node

ricohd7500_firmwareRange1.1–2.2

ricohd7500_firmwareRange3.0–3.1.10137.0

AND

ricohd7500Match-

Node

ricohd8400_firmwareRange1.1–2.2

ricohd8400_firmwareRange3.0–3.1.10137.0

AND

ricohd8400Match-

CPENameOperatorVersion
ricoh:d2200_firmwarericoh d2200 firmwarele2.2

CPE	Name	Operator	Version
ricoh:d2200_firmware	ricoh d2200 firmware	le	2.2

CNA Affected

[
  {
    "product": "RICOH Interactive Whiteboard",
    "vendor": "RICOH COMPANY, LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN55263945/index.html

www.ricoh.com/info/2018/1127_1.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for CVE-2018-16185

prion1 nvd1 cvelist1 openvas1 jvn1