CVE-2024-37124 (GCVE-0-2024-37124)
Vulnerability from cvelistv5 – Published: 2024-06-19 06:40 – Updated: 2024-08-02 03:50
VLAI?
Summary
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.
Severity ?
9.8 (Critical)
CWE
- Use of potentially dangerous function
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RICOH COMPANY, LTD. | Ricoh Streamline NX PC Client |
Affected:
ver.3.2.1.19
Affected: ver.3.3.1.3 Affected: ver.3.3.2.201 Affected: ver.3.4.3.1 Affected: ver.3.5.1.201 (ver.3.5.1.200op1) Affected: ver.3.6.100.53 Affected: and ver.3.6.2.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "streamline_nx_pc_client",
"vendor": "ricoh",
"versions": [
{
"status": "affected",
"version": "ver.3.2.1.19"
}
]
},
{
"cpes": [
"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "streamline_nx_pc_client",
"vendor": "ricoh",
"versions": [
{
"status": "affected",
"version": "ver.3.3.1.3"
}
]
},
{
"cpes": [
"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "streamline_nx_pc_client",
"vendor": "ricoh",
"versions": [
{
"status": "affected",
"version": "ver.3.3.2.201"
}
]
},
{
"cpes": [
"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "streamline_nx_pc_client",
"vendor": "ricoh",
"versions": [
{
"status": "affected",
"version": "ver.3.4.3.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "streamline_nx_pc_client",
"vendor": "ricoh",
"versions": [
{
"status": "affected",
"version": "ver.3.5.1.201\\/ver.3.5.1.200op1\\/"
}
]
},
{
"cpes": [
"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "streamline_nx_pc_client",
"vendor": "ricoh",
"versions": [
{
"status": "affected",
"version": "ver.3.6.100.53"
}
]
},
{
"cpes": [
"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "streamline_nx_pc_client",
"vendor": "ricoh",
"versions": [
{
"status": "affected",
"version": "ver.3.6.2.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-37124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:32:35.494081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:44:52.938Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:54.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN00442488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ricoh Streamline NX PC Client",
"vendor": "RICOH COMPANY, LTD.",
"versions": [
{
"status": "affected",
"version": "ver.3.2.1.19"
},
{
"status": "affected",
"version": " ver.3.3.1.3"
},
{
"status": "affected",
"version": " ver.3.3.2.201"
},
{
"status": "affected",
"version": " ver.3.4.3.1"
},
{
"status": "affected",
"version": " ver.3.5.1.201 (ver.3.5.1.200op1)"
},
{
"status": "affected",
"version": " ver.3.6.100.53"
},
{
"status": "affected",
"version": " and ver.3.6.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of potentially dangerous function",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T06:40:52.358Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006"
},
{
"url": "https://jvn.jp/en/jp/JVN00442488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-37124",
"datePublished": "2024-06-19T06:40:52.358Z",
"dateReserved": "2024-06-03T11:46:18.673Z",
"dateUpdated": "2024-08-02T03:50:54.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.\"}, {\"lang\": \"es\", \"value\": \"Existe un problema de uso de funciones potencialmente peligrosas en Ricoh Streamline NX PC Client. Si se aprovecha esta vulnerabilidad, un atacante puede crear un archivo arbitrario en la PC donde est\\u00e1 instalado el producto.\"}]",
"id": "CVE-2024-37124",
"lastModified": "2024-11-21T09:23:14.790",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
"published": "2024-06-19T07:15:46.547",
"references": "[{\"url\": \"https://jvn.jp/en/jp/JVN00442488/\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006\", \"source\": \"vultures@jpcert.or.jp\"}, {\"url\": \"https://jvn.jp/en/jp/JVN00442488/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-37124\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2024-06-19T07:15:46.547\",\"lastModified\":\"2024-11-21T09:23:14.790\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.\"},{\"lang\":\"es\",\"value\":\"Existe un problema de uso de funciones potencialmente peligrosas en Ricoh Streamline NX PC Client. Si se aprovecha esta vulnerabilidad, un atacante puede crear un archivo arbitrario en la PC donde est\u00e1 instalado el producto.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN00442488/\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006\",\"source\":\"vultures@jpcert.or.jp\"},{\"url\":\"https://jvn.jp/en/jp/JVN00442488/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jvn.jp/en/jp/JVN00442488/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T03:50:54.525Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-37124\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-20T15:32:35.494081Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"ricoh\", \"product\": \"streamline_nx_pc_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"ver.3.2.1.19\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"ricoh\", \"product\": \"streamline_nx_pc_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"ver.3.3.1.3\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"ricoh\", \"product\": \"streamline_nx_pc_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"ver.3.3.2.201\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"ricoh\", \"product\": \"streamline_nx_pc_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"ver.3.4.3.1\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"ricoh\", \"product\": \"streamline_nx_pc_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"ver.3.5.1.201\\\\/ver.3.5.1.200op1\\\\/\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"ricoh\", \"product\": \"streamline_nx_pc_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"ver.3.6.100.53\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:ricoh:streamline_nx_pc_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"ricoh\", \"product\": \"streamline_nx_pc_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"ver.3.6.2.1\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-20T15:36:26.305Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"RICOH COMPANY, LTD.\", \"product\": \"Ricoh Streamline NX PC Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"ver.3.2.1.19\"}, {\"status\": \"affected\", \"version\": \" ver.3.3.1.3\"}, {\"status\": \"affected\", \"version\": \" ver.3.3.2.201\"}, {\"status\": \"affected\", \"version\": \" ver.3.4.3.1\"}, {\"status\": \"affected\", \"version\": \" ver.3.5.1.201 (ver.3.5.1.200op1)\"}, {\"status\": \"affected\", \"version\": \" ver.3.6.100.53\"}, {\"status\": \"affected\", \"version\": \" and ver.3.6.2.1\"}]}], \"references\": [{\"url\": \"https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006\"}, {\"url\": \"https://jvn.jp/en/jp/JVN00442488/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Use of potentially dangerous function\"}]}], \"providerMetadata\": {\"orgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"shortName\": \"jpcert\", \"dateUpdated\": \"2024-06-19T06:40:52.358Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-37124\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T03:50:54.525Z\", \"dateReserved\": \"2024-06-03T11:46:18.673Z\", \"assignerOrgId\": \"ede6fdc4-6654-4307-a26d-3331c018e2ce\", \"datePublished\": \"2024-06-19T06:40:52.358Z\", \"assignerShortName\": \"jpcert\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…