CVE-2019-14308 — CRITICAL (9.8)

Q: How severe is CVE-2019-14308?

CVE-2019-14308 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-14308?

Check the references section above for vendor advisories and patch information. Affected products include: Ricoh Sp C250Sf Firmware, Ricoh Sp C250Sf, Ricoh Sp C252Sf Firmware, Ricoh Sp C252Sf, Ricoh Sp C250Dn Firmware.

Vulnerability Description

Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ricoh	Sp C250Sf Firmware	< 1.13
Ricoh	Sp C250Sf	-
Ricoh	Sp C252Sf Firmware	< 1.13
Ricoh	Sp C252Sf	-
Ricoh	Sp C250Dn Firmware	< 1.07
Ricoh	Sp C250Dn	-
Ricoh	Sp C252Dn Firmware	< 1.07
Ricoh	Sp C252Dn	-

Related Weaknesses (CWE)

CWE-119

References

http://jvn.jp/en/jp/JVN11708203/index.html
https://www.ricoh-usa.com/en/support-and-downloadProduct
https://www.ricoh.com/info/2019/0823_1/Vendor Advisory
http://jvn.jp/en/jp/JVN11708203/index.html
https://www.ricoh-usa.com/en/support-and-downloadProduct
https://www.ricoh.com/info/2019/0823_1/Vendor Advisory

FAQ

What is CVE-2019-14308?

CVE-2019-14308 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firm...

How severe is CVE-2019-14308?

CVE-2019-14308 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-14308?

Check the references section above for vendor advisories and patch information. Affected products include: Ricoh Sp C250Sf Firmware, Ricoh Sp C250Sf, Ricoh Sp C252Sf Firmware, Ricoh Sp C252Sf, Ricoh Sp C250Dn Firmware.