Japan Vulnerability Notes (jvn.jp) - JVN:55263945
Nov 27, 2018 - 12:00 a.m.

JVN#55263945: Multiple vulnerabilities in RICOH Interactive Whiteboard


CVSS2: 10 High
AV:N/AC:L/Au:N/C:C/I:C/A:C
(Attack Vector: NETWORK; Attack Complexity: LOW; Authentication: NONE; Confidentiality Impact: COMPLETE; Integrity Impact: COMPLETE; Availability Impact: COMPLETE)

CVSS3: 9.8 High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
(Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH)

EPSS: 0.003 Low (Percentile: 70.7%)

RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below.

Command injection (CWE-94) - CVE-2018-16184

Version  Vector                                        Score
CVSS v3  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  Base Score: 9.8
CVSS v2  AV:N/AC:L/AU:N/C:C/I:C/A:C                    Base Score: 10.0

Missing file signature - CVE-2018-16185

Version  Vector                                        Score
CVSS v3  CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L  Base Score: 5.0
CVSS v2  AV:N/AC:H/AU:N/C:P/I:P/A:P                    Base Score: 5.1

Hard-coded credentials for the administrator settings screen - CVE-2018-16186

Version  Vector                                        Score
CVSS v3  CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  Base Score: 8.4
CVSS v2  AV:L/AC:L/AU:N/C:C/I:C/A:C                    Base Score: 7.2

The server certificate is self-signed - CVE-2018-16187

Version  Vector                                        Score
CVSS v3  CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N  Base Score: 4.8
CVSS v2  AV:N/AC:H/AU:N/C:P/I:P/A:N                    Base Score: 4.0

SQL injection (CWE-89) - CVE-2018-16188

Version  Vector                                        Score
CVSS v3  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  Base Score: 9.8
CVSS v2  AV:N/AC:L/AU:N/C:C/I:C/A:C                    Base Score: 10.0

Impact

  • A remote attacker may execute arbitrary commands with administrative privileges - CVE-2018-16184
  • A remote attacker may execute an altered program - CVE-2018-16185
  • An attacker may log in to the administrator settings screen and change the configuration - CVE-2018-16186
  • A man-in-the-middle attack allows an attacker to eavesdrop on an encrypted communication - CVE-2018-16187
  • A remote attacker may obtain or alter the information in the database - CVE-2018-16188

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Products Affected

CVE-2018-16184

  • RICOH Interactive Whiteboard D2200 V1.6 to V2.2
  • RICOH Interactive Whiteboard D5500 V1.6 to V2.2
  • RICOH Interactive Whiteboard D5510 V1.6 to V2.2
  • The following displays with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached
      • RICOH Interactive Whiteboard D5520
      • RICOH Interactive Whiteboard D6500
      • RICOH Interactive Whiteboard D6510
      • RICOH Interactive Whiteboard D7500
      • RICOH Interactive Whiteboard D8400

CVE-2018-16185, CVE-2018-16186

  • RICOH Interactive Whiteboard D2200 V1.1 to V2.2
  • RICOH Interactive Whiteboard D5500 V1.1 to V2.2
  • RICOH Interactive Whiteboard D5510 V1.1 to V2.2
  • The following displays with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached
      • RICOH Interactive Whiteboard D5520
      • RICOH Interactive Whiteboard D6500
      • RICOH Interactive Whiteboard D6510
      • RICOH Interactive Whiteboard D7500
      • RICOH Interactive Whiteboard D8400
  • The following displays with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached
      • RICOH Interactive Whiteboard D5520
      • RICOH Interactive Whiteboard D6510
      • RICOH Interactive Whiteboard D7500
      • RICOH Interactive Whiteboard D8400

CVE-2018-16187, CVE-2018-16188

  • RICOH Interactive Whiteboard D2200 V1.3 to V2.2
  • RICOH Interactive Whiteboard D5500 V1.3 to V2.2
  • RICOH Interactive Whiteboard D5510 V1.3 to V2.2
  • The following displays with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached
      • RICOH Interactive Whiteboard D5520
      • RICOH Interactive Whiteboard D6500
      • RICOH Interactive Whiteboard D6510
      • RICOH Interactive Whiteboard D7500
      • RICOH Interactive Whiteboard D8400
  • The following displays with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached
      • RICOH Interactive Whiteboard D5520
      • RICOH Interactive Whiteboard D6510
      • RICOH Interactive Whiteboard D7500
      • RICOH Interactive Whiteboard D8400
