Lucene search

JpcertCVE-2024-36480

HistoryJun 19, 2024 - 7:15 a.m.

CVE-2024-36480

2024-06-1907:15:46

CWE-798

jpcert

web.nvd.nist.gov

credentials

ricoh

vulnerability

localsystem

unintended operations

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC.

Affected configurations

Vulners

Node

cve-2024-36480ricoh_streamline_nx_pc_clientMatch3.7.2

VendorProductVersionCPE
cve-2024-36480ricoh_streamline_nx_pc_client3.7.2cpe:2.3:a:cve-2024-36480:ricoh_streamline_nx_pc_client:3.7.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cve-2024-36480	ricoh_streamline_nx_pc_client	3.7.2	cpe:2.3:a:cve-2024-36480:ricoh_streamline_nx_pc_client:3.7.2:::::::*

CNA Affected

[
  {
    "vendor": "CVE-2024-36480",
    "product": "Ricoh Streamline NX PC Client",
    "versions": [
      {
        "version": "ver.3.7.2 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN00442488/

www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000005

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-36480