#VU21113 Buffer overflow in RICOH COMPANY, LTD. products - CVE-2019-14300
Published: September 16, 2019
Vulnerability identifier: #VU21113
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-14300
CWE-ID: CWE-119
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
SP C252DN
SP C250DN
SP C252SF
SP C250SF
SP C252DN
SP C250DN
SP C252SF
SP C250SF
Software vendor:
RICOH COMPANY, LTD.
RICOH COMPANY, LTD.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when parsing HTTP cookie headers. A remote attacker can send a specially crafted requests to the web server, trigger memory corruption and cause a denial of service condition or execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.