Main Vulnerability Database Vulnerabilities #VU25583

Improper access control in SP C250DN - CVE-2019-14302

Published: February 25, 2020

Vulnerability identifier: #VU25583

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-14302

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: RICOH COMPANY, LTD.

Affected software:
SP C250DN

Detailed vulnerability description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. An attacker with physical access can bypass implemented security restrictions and execute arbitrary code, alter settings, and/or disable the function.

How to mitigate CVE-2019-14302

Install updates from vendor's website.

Sources

http://jvn.jp/en/jp/JVN52962201/index.html
https://www.ricoh.com/info/2019/0823_1/

Improper access control in SP C250DN - CVE-2019-14302

Detailed vulnerability description

How to mitigate CVE-2019-14302

Sources

Please verify you're human