Multiple vulnerabilities in Ricoh printers
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 8 |
| CVE-ID | CVE-2019-14299 CVE-2019-14301 CVE-2019-14302 CVE-2019-14303 CVE-2019-14304 CVE-2019-14306 CVE-2019-14309 CVE-2019-14310 |
| CWE-ID | CWE-119 CWE-200 CWE-284 CWE-20 CWE-352 CWE-287 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SP C250SF Hardware solutions / Firmware SP C252SF Hardware solutions / Firmware SP C250DN Hardware solutions / Firmware SP C252DN Hardware solutions / Firmware |
| Vendor | RICOH COMPANY, LTD. |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU25580
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14299
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker on the local network can send a specially crafted requests to the web server, trigger memory corruption and cause a denial of service condition or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSP C250SF: 1.12 - 1.15
SP C252SF: 1.12 - 1.15
SP C250DN: 1.06 - 1.09
SP C252DN: 1.04 - 1.09
External linkshttp://www.ricoh.com/info/2019/0823_1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU25582
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14301
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper access restrictions. A remote attacker on the local network can access the debugging Web page and obtain sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSP C250DN: 1.06
External linkshttp://jvn.jp/en/jp/JVN52962201/index.html
http://www.ricoh.com/info/2019/0823_1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper access control
EUVDB-ID: #VU25583
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14302
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. An attacker with physical access can bypass implemented security restrictions and execute arbitrary code, alter settings, and/or disable the function.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSP C250DN: 1.06
External linkshttp://jvn.jp/en/jp/JVN52962201/index.html
http://www.ricoh.com/info/2019/0823_1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU25584
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14303
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can execute arbitrary code or cause a denial of service (DoS) condition on the system.
Install updates from vendor's website.
Vulnerable software versionsSP C250SF: 1.12 - 1.15
SP C252SF: 1.12 - 1.15
SP C250DN: 1.06 - 1.09
SP C252DN: 1.04 - 1.09
External linkshttp://www.ricoh.com/info/2019/0823_1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Cross-site request forgery
EUVDB-ID: #VU25585
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14304
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationInstall update from vendor's website.
Vulnerable software versionsSP C250DN: 1.06
External linkshttp://jvn.jp/en/jp/JVN52962201/index.html
http://www.ricoh.com/info/2019/0823_1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Authentication
EUVDB-ID: #VU25587
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14306
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper access restrictions. A remote attacker on the local network can bypass authentication process and gain unauthorized access to the device settings information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsSP C250DN: 1.06
External linkshttp://jvn.jp/en/jp/JVN52962201/index.html
http://www.ricoh.com/info/2019/0823_1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU25588
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14309
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can execute arbitrary code or cause a denial of service (DoS) condition on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsSP C250SF: 1.12 - 1.15
SP C252SF: 1.12 - 1.15
SP C250DN: 1.06 - 1.09
SP C252DN: 1.04 - 1.09
External linkshttp://www.ricoh.com/info/2019/0823_1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU25589
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-14310
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker on the local network can execute arbitrary code or cause a denial of service (DoS) condition on the system. MitigationInstall updates from vendor's website.
Vulnerable software versionsSP C250SF: 1.12 - 1.15
SP C252SF: 1.12 - 1.15
SP C250DN: 1.06 - 1.09
SP C252DN: 1.04 - 1.09
External linkshttp://www.ricoh.com/info/2019/0823_1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
