SB2024061819 - Multiple vulnerabilities in Ricoh Streamline NX PC Client
Published: June 18, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Improper restriction of communication channel to intended endpoints (CVE-ID: CVE-2024-36252)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper restriction of communication channel to intended endpoints. A remote attacker on the local network can execute arbitrary code on the system.
2) Use of hard-coded credentials (CVE-ID: CVE-2024-36480)
The vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to presence of hard-coded credentials in application code. A local attacker can obtain LocalSystem Account.
3) Use of Potentially Dangerous Function (CVE-ID: CVE-2024-37124)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to use of potentially dangerous function. A local attacker can write arbitrary property files at any place of the filesystem.
4) Use of Potentially Dangerous Function (CVE-ID: CVE-2024-37387)
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to use of potentially dangerous function. A local attacker can alter files in the PC where the product is installed.
Remediation
Install update from vendor's website.
References
- https://jvn.jp/en/jp/JVN00442488/index.html
- https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000004
- https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000005
- https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000006
- https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000007