July 31th, 2020
Ricoh Company, Ltd.
Ricoh understands the importance of security and is committed to managing its products and services with the most advance security technologies possible for our customers around the world. We have recently identified a potential vulnerability risk associated with RICOH Streamline NX Client Tool.
Vulnerability(CVE-2019-20001) was discovered in RICOH Streamline NX Client Tool that allows attackers to escalate local privileges.
We have released this countermeasure software upgrade to mitigate this vulnerability.
Affected versions are:
RICOH Streamline NX PC Client: ver.2.0.0 - ver.2.1.5 bundled with RICOH Streamline NX ver.3.0.0 - ver. 3.1.2.
RICOH Streamline NX PC Client: ver.3.2.0 - ver.3.3.2 bundled with RICOH Streamline NX ver.3.2.0 - ver. 3.3.2.
Fixed version are:
RICOH Streamline NX PC Client: ver.2.1.5.24 for RICOH Streamline NX ver.3.0.0 - ver. 3.1.2.
RICOH Streamline NX PC Client: ver.3.2.2.1 for RICOH Streamline NX ver.3.2.0 - ver. 3.3.2.
Impact:
An attacker can execute arbitrary codes on the computer that the attacker is logging in.
Solution:
Update with the appropriate software based on the information from Ricoh service representative.
Acknowledgements:
Jörn Henkel from Deutsche Telekom Security GmbH