CVE-2019-14305

26.08.2019, 15:15

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 78%

Vendor	Product	Version
ricoh	sp_c250sf_firmware	𝑥 < 1.13
ricoh	sp_c252sf_firmware	𝑥 < 1.13
ricoh	sp_c250dn_firmware	𝑥 < 1.07
ricoh	sp_c252dn_firmware	𝑥 < 1.07

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://jvn.jp/en/jp/JVN11708203/index.html

https://www.ricoh-usa.com/en/support-and-download

https://www.ricoh.com/info/2019/0823_1/

http://jvn.jp/en/jp/JVN11708203/index.html

https://www.ricoh-usa.com/en/support-and-download

https://www.ricoh.com/info/2019/0823_1/