Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by CVE-2024-36480

    CVE-2024-36480 (GCVE-0-2024-36480)

    Vulnerability from cvelistv5 – Published: 2024-06-19 06:40 – Updated: 2024-08-02 03:37
    VLAI
    Summary
    Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC.
    Severity
    9.8 (Critical)
    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Use of Hard-coded Credentials
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    CVE-2024-36480 Ricoh Streamline NX PC Client Affected: ver.3.7.2 and earlier
    		Create a notification for this product.
    ricoh streamline_nx_pc_client Affected: 0 , ≤ 3.7.2 (custom)
        cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*
    		 Create a notification for this product.
    Show details on NVD website
    To clipboard 

    {
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "streamline_nx_pc_client",
            "vendor": "ricoh",
            "versions": [
              {
                "lessThanOrEqual": "3.7.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36480",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T19:05:15.770286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-798",
                "description": "CWE-798 Use of Hard-coded Credentials",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T19:05:23.166Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:05.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN00442488/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Ricoh Streamline NX PC Client",
          "vendor": "CVE-2024-36480",
          "versions": [
            {
              "status": "affected",
              "version": "ver.3.7.2 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-19T06:40:46.619Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000005"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN00442488/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-36480",
    "datePublished": "2024-06-19T06:40:46.619Z",
    "dateReserved": "2024-06-04T09:09:47.217Z",
    "dateUpdated": "2024-08-02T03:37:05.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}