Lucene search

JpcertCVE-2018-16184

HistoryJan 09, 2019 - 11:29 p.m.

CVE-2018-16184

2019-01-0923:29:04

CWE-78

jpcert

web.nvd.nist.gov

ricoh

interactive whiteboard

cve-2018-16184

remote attackers

execute arbitrary commands

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

RICOH Interactive Whiteboard D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400) allows remote attackers to execute arbitrary commands via unspecified vectors.

Affected configurations

Nvd

Node

ricohd2200Match-

AND

ricohd2200_firmwareRange1.6–2.2

Node

ricohd5500Match-

AND

ricohd5500_firmwareRange1.6–2.2

Node

ricohd5510Match-

AND

ricohd5510_firmwareRange1.6–2.2

Node

ricohd5520Match-

AND

ricohd5520_firmwareRange1.6–2.2

Node

ricohd6500Match-

AND

ricohd6500_firmwareRange1.6–2.2

Node

ricohd6510Match-

AND

ricohd6510_firmwareRange1.6–2.2

Node

ricohd7500Match-

AND

ricohd7500_firmwareRange1.6–2.2

Node

ricohd8400Match-

AND

ricohd8400_firmwareRange1.6–2.2

VendorProductVersionCPE
ricohd2200-cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*
ricohd2200_firmware*cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*
ricohd5500-cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*
ricohd5500_firmware*cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*
ricohd5510-cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*
ricohd5510_firmware*cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*
ricohd5520-cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*
ricohd5520_firmware*cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*
ricohd6500-cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*
ricohd6500_firmware*cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ricoh	d2200	-	cpe:2.3:h:ricoh:d2200:-:::::::*
ricoh	d2200_firmware	*	cpe:2.3:o:ricoh:d2200_firmware::::::::
ricoh	d5500	-	cpe:2.3:h:ricoh:d5500:-:::::::*
ricoh	d5500_firmware	*	cpe:2.3:o:ricoh:d5500_firmware::::::::
ricoh	d5510	-	cpe:2.3:h:ricoh:d5510:-:::::::*
ricoh	d5510_firmware	*	cpe:2.3:o:ricoh:d5510_firmware::::::::
ricoh	d5520	-	cpe:2.3:h:ricoh:d5520:-:::::::*
ricoh	d5520_firmware	*	cpe:2.3:o:ricoh:d5520_firmware::::::::
ricoh	d6500	-	cpe:2.3:h:ricoh:d6500:-:::::::*
ricoh	d6500_firmware	*	cpe:2.3:o:ricoh:d6500_firmware::::::::

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "RICOH Interactive Whiteboard",
    "vendor": "RICOH COMPANY, LTD.",
    "versions": [
      {
        "status": "affected",
        "version": "D2200 V1.6 to V2.2, D5500 V1.6 to V2.2, D5510 V1.6 to V2.2, and the display versions with RICOH Interactive Whiteboard Controller Type1 V1.6 to V2.2 attached (D5520, D6500, D6510, D7500, D8400)"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN55263945/index.html

www.ricoh.com/info/2018/1127_1.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

70.6%

JSON

Related for CVE-2018-16184