CVE-2019-14304 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 43%

Vendor	Product	Version
ricoh	sp_c250sf_firmware	𝑥 < 1.15
ricoh	sp_c252sf_firmware	𝑥 < 1.15
ricoh	sp_c250dn_firmware	𝑥 < 1.09
ricoh	sp_c252dn_firmware	𝑥 < 1.09
ricoh	m_c250fw_firmware	𝑥 < 1.02
ricoh	m_c250fwb_firmware	𝑥 < 1.02
ricoh	p_c300w_firmware	𝑥 < 1.02
ricoh	p_c301w_firmware	𝑥 < 1.02
ricoh	sp_330sn_firmware	𝑥 < 1.07
ricoh	sp_330sfn_firmware	𝑥 < 1.07
ricoh	sp_330dn_firmware	𝑥 < 1.07
ricoh	sp_3710sf_firmware	𝑥 < 1.07
ricoh	sp_3710dn_firmware	𝑥 < 1.07
ricoh	sp_c260dnw_firmware	𝑥 < 1.12
ricoh	sp_c260sfnw_firmware	𝑥 < 1.15
ricoh	sp_c261dnw_firmware	𝑥 < 1.13
ricoh	sp_c261sfnw_firmware	𝑥 < 1.17
ricoh	sp_c262sfnw_firmware	𝑥 < 1.17
ricoh	sp_c262dnw_firmware	𝑥 < 1.13
ricoh	mp_2014_firmware	𝑥 < 1.10
ricoh	mp_2014d_firmware	𝑥 < 1.10
ricoh	mp_2014ad_firmware	𝑥 < 1.10
ricoh	m_2700_firmware	𝑥 < 1.06
ricoh	m_2701_firmware	𝑥 < 1.06
ricoh	sp_221s_firmware	𝑥 < 1.10
ricoh	sp_220snw_firmware	𝑥 < 1.11
ricoh	sp_221snw_firmware	𝑥 < 1.11
ricoh	sp_221sf_firmware	𝑥 < 1.11
ricoh	sp_220sfnw_firmware	𝑥 < 1.12
ricoh	sp_221sfnw_firmware	𝑥 < 1.12
ricoh	sp_277snwx_firmware	𝑥 < 1.12
ricoh	sp_277sfnwx_firmware	𝑥 < 1.12
ricoh	sp_221_firmware	𝑥 < 1.02
ricoh	sp_220nw_firmware	𝑥 < 1.04
ricoh	sp_221nw_firmware	𝑥 < 1.04
ricoh	sp277nwx_firmware	𝑥 < 1.04
ricoh	sp_212snw_firmware	𝑥 < 1.07
ricoh	sp_212sfnw_firmware	𝑥 < 1.08
ricoh	sp_212sfw_firmware	𝑥 < 1.08
ricoh	sp_212sfnw_\(china\)_firmware	𝑥 < 1.08
ricoh	sp_212suw_firmware	𝑥 < 1.07
ricoh	sp_213snw_firmware	𝑥 < 1.07
ricoh	sp_213snw_\(taiwan\)_firmware	𝑥 < 1.05
ricoh	sp_213suw_firmware	𝑥 < 1.07
ricoh	sp_213sfnw_firmware	𝑥 < 1.07
ricoh	sp_213sfw_firmware	𝑥 < 1.07
ricoh	sp_213sfnw_\(taiwan\)_firmware	𝑥 < 1.06
ricoh	sp_212nw_firmware	𝑥 < 1.06
ricoh	sp_213nw_firmware	𝑥 < 1.06
ricoh	sp_213nw_\(taiwan\)_firmware	𝑥 < 1.04
ricoh	sp_212w_firmware	𝑥 < 1.06
ricoh	sp_213w_firmware	𝑥 < 1.06

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-352 - Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References

http://jvn.jp/en/jp/JVN52962201/index.html

https://www.ricoh.com/info/2019/0823_1/

http://jvn.jp/en/jp/JVN52962201/index.html

https://www.ricoh.com/info/2019/0823_1/