9.8

CVE-2018-18006

Exploit

EPSS 2.49%
Veröffentlicht 14.12.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:55:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Hardcoded credentials in the Ricoh myPrint application 2.9.2.4 for Windows and 2.2.7 for Android give access to any externally disclosed myPrint WSDL API, as demonstrated by discovering API secrets of related Google cloud printers, encrypted passwords of mail servers, and names of printed files.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ricoh ≫ Myprint Version2.2.7 SwPlatformandroid

Ricoh ≫ Myprint Version2.9.2.4 SwPlatformwindows

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.49%	0.848

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

http://packetstormsecurity.com/files/150399/Ricoh-myPrint-Hardcoded-Credentials-Information-Disclosure.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2018/Nov/46

Third Party Advisory

Exploit

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2018-18006

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-18006

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-18006

EUVD