Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
1 vulnerability by RICOH COMPANY, LTD
CVE-2024-36252 (GCVE-0-2024-36252)
Vulnerability from cvelistv5 – Published: 2024-06-19 06:40 – Updated: 2024-08-02 03:37
VLAI?
Summary
Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed.
Severity ?
6.3 (Medium)
CWE
- Improper restriction of communication channel to intended endpoints
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| RICOH COMPANY, LTD | Ricoh Streamline NX PC Client |
Affected:
ver.3.6.x and earlier
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36252",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T15:21:10.721078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-923",
"description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T15:21:18.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:37:03.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN00442488/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ricoh Streamline NX PC Client",
"vendor": "RICOH COMPANY, LTD",
"versions": [
{
"status": "affected",
"version": "ver.3.6.x and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of communication channel to intended endpoints",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-19T06:40:38.870Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004"
},
{
"url": "https://jvn.jp/en/jp/JVN00442488/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-36252",
"datePublished": "2024-06-19T06:40:38.870Z",
"dateReserved": "2024-06-04T09:09:46.380Z",
"dateUpdated": "2024-08-02T03:37:03.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}