9.8

CVE-2024-37124

Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerricoh
Produkt streamline_nx_pc_client
Default Statusunknown
Version ver.3.2.1.19
Status affected
Herstellerricoh
Produkt streamline_nx_pc_client
Default Statusunknown
Version ver.3.3.1.3
Status affected
Herstellerricoh
Produkt streamline_nx_pc_client
Default Statusunknown
Version ver.3.3.2.201
Status affected
Herstellerricoh
Produkt streamline_nx_pc_client
Default Statusunknown
Version ver.3.4.3.1
Status affected
Herstellerricoh
Produkt streamline_nx_pc_client
Default Statusunknown
Version ver.3.5.1.201\/ver.3.5.1.200op1\/
Status affected
Herstellerricoh
Produkt streamline_nx_pc_client
Default Statusunknown
Version ver.3.6.100.53
Status affected
Herstellerricoh
Produkt streamline_nx_pc_client
Default Statusunknown
Version ver.3.6.2.1
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.392
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

https://jvn.jp/en/jp/JVN00442488/
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000006