Lucene search

[email protected]CVE-2018-16187

HistoryJan 09, 2019 - 11:29 p.m.

CVE-2018-16187

2019-01-0923:29:04

CWE-295

[email protected]

web.nvd.nist.gov

ricoh

interactive whiteboard

d2200

d5500

d5510

controller type1

controller type2

cve-2018-16187

security vulnerability

man-in-the-middle attack

certificate verification

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.1%

JSON

The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication.

Affected configurations

NVD

Node

ricohd2200_firmwareRange1.3–2.2

AND

ricohd2200Match-

Node

ricohd5500_firmwareRange1.3–2.2

AND

ricohd5500Match-

Node

ricohd5510_firmwareRange1.3–2.2

AND

ricohd5510Match-

Node

ricohd5520_firmwareRange1.3–2.2

ricohd5520_firmwareRange3.0–3.1.10137.0

AND

ricohd5520Match-

Node

ricohd6500_firmwareRange1.3–2.2

AND

ricohd6500Match-

Node

ricohd6510_firmwareRange1.3–2.2

ricohd6510_firmwareRange3.0–3.1.10137.0

AND

ricohd6510Match-

Node

ricohd7500_firmwareRange1.3–2.2

ricohd7500_firmwareRange3.0–3.1.10137.0

AND

ricohd7500Match-

Node

ricohd8400_firmwareRange1.3–2.2

ricohd8400_firmwareRange3.0–3.1.10137.0

AND

ricohd8400Match-

CPENameOperatorVersion
ricoh:d2200_firmwarericoh d2200 firmwarele2.2

CPE	Name	Operator	Version
ricoh:d2200_firmware	ricoh d2200 firmware	le	2.2

CNA Affected

[
  {
    "product": "RICOH Interactive Whiteboard",
    "vendor": "RICOH COMPANY, LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400)"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN55263945/index.html

www.ricoh.com/info/2018/1127_1.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.1%

JSON

Related for CVE-2018-16187

cvelist1 nvd1 prion1 jvn1 openvas1