CVE-2024-36480
First published: Wed Jun 19 2024(Updated: )
Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is exploited, an attacker may obtain LocalSystem Account of the PC where the product is installed. As a result, unintended operations may be performed on the PC.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RICOH Streamline NX Client Tool | <3.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-36480?
CVE-2024-36480 is considered a high severity vulnerability due to the potential for an attacker to gain LocalSystem Account access.
How do I fix CVE-2024-36480?
To mitigate CVE-2024-36480, upgrade to Ricoh Streamline NX PC Client version 3.7.3 or later where the hard-coded credentials issue is resolved.
What software is affected by CVE-2024-36480?
CVE-2024-36480 affects Ricoh Streamline NX PC Client version 3.7.2 and earlier.
What are the risks associated with CVE-2024-36480?
Exploitation of CVE-2024-36480 could allow an attacker to perform unintended operations on the compromised PC.
Is there a workaround for CVE-2024-36480?
No specific workaround is recommended for CVE-2024-36480; the best course is to update to the patched version.
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- collector/nvd-api
- source/NVD
- agent/severity
- agent/weakness
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ricoh
- canonical/ricoh streamline nx client tool