CVE-2019-14305 — HIGH (8.8)

Q: How severe is CVE-2019-14305?

CVE-2019-14305 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-14305?

Check the references section above for vendor advisories and patch information. Affected products include: Ricoh Sp C250Sf Firmware, Ricoh Sp C250Sf, Ricoh Sp C252Sf Firmware, Ricoh Sp C252Sf, Ricoh Sp C250Dn Firmware.

Vulnerability Description

Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ricoh	Sp C250Sf Firmware	< 1.13
Ricoh	Sp C250Sf	-
Ricoh	Sp C252Sf Firmware	< 1.13
Ricoh	Sp C252Sf	-
Ricoh	Sp C250Dn Firmware	< 1.07
Ricoh	Sp C250Dn	-
Ricoh	Sp C252Dn Firmware	< 1.07
Ricoh	Sp C252Dn	-

Related Weaknesses (CWE)

CWE-119

References

http://jvn.jp/en/jp/JVN11708203/index.html
https://www.ricoh-usa.com/en/support-and-downloadProduct
https://www.ricoh.com/info/2019/0823_1/Vendor Advisory
http://jvn.jp/en/jp/JVN11708203/index.html
https://www.ricoh-usa.com/en/support-and-downloadProduct
https://www.ricoh.com/info/2019/0823_1/Vendor Advisory

FAQ

What is CVE-2019-14305?

CVE-2019-14305 is a vulnerability with a CVSS score of 8.8 (HIGH). Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code...

How severe is CVE-2019-14305?

CVE-2019-14305 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14305?

Check the references section above for vendor advisories and patch information. Affected products include: Ricoh Sp C250Sf Firmware, Ricoh Sp C250Sf, Ricoh Sp C252Sf Firmware, Ricoh Sp C252Sf, Ricoh Sp C250Dn Firmware.