CVE-2018-16187

Published Jan 9, 2019

Last updated 6 years ago

CVSS medium 5.9

Overview

Description: The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication.
Source: vultures@jpcert.or.jp
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.9
Impact score: 3.6
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB177858-ECEB-45B1-8DB4-E12783C5D168",
            "versionEndIncluding": "2.2",
            "versionStartIncluding": "1.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:d2200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "43293871-70F7-4B1D-956F-9308A860FC85"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFF2C49A-B1C8-4C32-9509-8C6BFD28B081",
            "versionEndIncluding": "2.2",
            "versionStartIncluding": "1.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:d5500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D2E56838-5CF4-4997-BCAD-684F8EA3E107"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD86B218-BDB9-4C5E-8FD1-68AC8F0213C5",
            "versionEndIncluding": "2.2",
            "versionStartIncluding": "1.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:d5510:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B09B5005-77BE-4F68-A7CE-F1D59DAD065C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0B5AD35-612F-49BB-BE54-E83950AFA77C",
            "versionEndIncluding": "2.2",
            "versionStartIncluding": "1.3"
          },
          {
            "criteria": "cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC034CC4-E2DB-4BEC-9137-E763B45116DA",
            "versionEndIncluding": "3.1.10137.0",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:d5520:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C4CA9708-C251-4278-983F-B3FA1787B11D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA2D8C4E-81DD-495A-8386-2DE39265F719",
            "versionEndIncluding": "2.2",
            "versionStartIncluding": "1.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:d6500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5848E96E-331B-4157-93B0-9DCB6B4B5A6F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56A53C16-038A-4510-BBE0-C237E3E45C46",
            "versionEndIncluding": "2.2",
            "versionStartIncluding": "1.3"
          },
          {
            "criteria": "cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E74C181-711B-4695-9BB6-56706A8777E0",
            "versionEndIncluding": "3.1.10137.0",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:d6510:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "3DDE0143-ADE4-41E1-8884-2010B7E3EC95"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41222465-4A68-4011-BC35-760FB5D4560D",
            "versionEndIncluding": "2.2",
            "versionStartIncluding": "1.3"
          },
          {
            "criteria": "cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63DFC5DE-09B2-4CF9-9443-FC64CC3C35CE",
            "versionEndIncluding": "3.1.10137.0",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:d7500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4FD5552E-8242-4E70-8BDD-58D16FF53ABE"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CE57C8A-065B-4CFD-9A66-D07F155AC9B7",
            "versionEndIncluding": "2.2",
            "versionStartIncluding": "1.3"
          },
          {
            "criteria": "cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FBE1D9A-5A49-46F6-84CB-31DDAA80505F",
            "versionEndIncluding": "3.1.10137.0",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:d8400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1AB2BD85-80E2-4225-8100-446B9F2BA053"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References