Notice of security investigation: Vulnerability that an attacker can escalate privileges to NT Authority\System on the OS where RICOH Streamline NX PC Client is installed.

: First published: 04:30 am on June 18, 2024 (2024-06-18T13:30:00+09:00); Ricoh Company, Ltd.

Ricoh understands the importance of security and is committed to managing its products and services with the most advanced security technologies possible for its customers worldwide.
Ricoh is aware of the reported "Vulnerability that an attacker can escalate privileges to NT Authority\System on the OS where RICOH Streamline NX PC Client is installed." affects certain products and services that Ricoh develops, manufactures, and offers.

List 1 below shows the affected products and services. Ricoh offers measures detailed in the hyperlinked pages in the list.

Vulnerability Information ID

ricoh-2024-000005
Version

1.00E
CVE ID(CWE ID)

CVE-2024-36480 ( CWE-798 )
CVSSv3 base score

5.1MEDIUM

List1:Ricoh products and services affected by this vulnerability

Product/service	Link to details
RICOH Streamline NX V3	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000077-2024-000005

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

Acknowledgement:

officially acknowledge our contributor: Abian Blome from Siemens Energy.

History:
2024-06-18T13:30:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000005 Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.