{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-36252", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2024-06-04T09:09:46.380Z", "datePublished": "2024-06-19T06:40:38.870Z", "dateUpdated": "2024-08-02T03:37:03.680Z"}, "containers": {"cna": {"affected": [{"vendor": "RICOH COMPANY, LTD", "product": "Ricoh Streamline NX PC Client", "versions": [{"version": "ver.3.6.x and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed."}], "problemTypes": [{"descriptions": [{"description": "Improper restriction of communication channel to intended endpoints", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004"}, {"url": "https://jvn.jp/en/jp/JVN00442488/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-06-19T06:40:38.870Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-923", "lang": "en", "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-06-25T15:21:10.721078Z", "id": "CVE-2024-36252", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T15:21:18.874Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:03.680Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN00442488/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN00442488/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:37:03.680Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-36252", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-25T15:21:10.721078Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-923", "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T15:21:00.477Z"}}], "cna": {"affected": [{"vendor": "RICOH COMPANY, LTD", "product": "Ricoh Streamline NX PC Client", "versions": [{"status": "affected", "version": "ver.3.6.x and earlier"}]}], "references": [{"url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004"}, {"url": "https://jvn.jp/en/jp/JVN00442488/"}], "descriptions": [{"lang": "en", "value": "Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Improper restriction of communication channel to intended endpoints"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2024-06-19T06:40:38.870Z"}}}, "cveMetadata": {"cveId": "CVE-2024-36252", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:37:03.680Z", "dateReserved": "2024-06-04T09:09:46.380Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2024-06-19T06:40:38.870Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed."}, {"lang": "es", "value": "Existe un problema de restricci\u00f3n inadecuada del canal de comunicaci\u00f3n a los endpoints previstos en Ricoh Streamline NX PC Client versi\u00f3n 3.6.x y versiones anteriores. Si se explota esta vulnerabilidad, se puede ejecutar c\u00f3digo arbitrario en la PC donde est\u00e1 instalado el producto."}], "id": "CVE-2024-36252", "lastModified": "2024-07-03T02:02:59.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-06-19T07:15:46.200", "references": [{"source": "vultures@jpcert.or.jp", "url": "https://jvn.jp/en/jp/JVN00442488/"}, {"source": "vultures@jpcert.or.jp", "url": "https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000004"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-923"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}