Vulnerability Details : CVE-2018-16187
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication.
Products affected by CVE-2018-16187
- cpe:2.3:o:ricoh:d2200_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d5500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d5510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d5520_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d6500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d6510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d7500_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:ricoh:d8400_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16187
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-16187
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2018-16187
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-16187
-
https://jvn.jp/en/jp/JVN55263945/index.html
JVN#55263945: Multiple vulnerabilities in RICOH Interactive WhiteboardThird Party Advisory
-
https://www.ricoh.com/info/2018/1127_1.html
Important: New firmware released for RICOH Interactive Whiteboard | Global | RicohVendor Advisory
Jump to