← Back

CVE-2019-14299

nvd nist
Published: Mar 13, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.

Affected (4)

Ricoh
4 products
Sp C250sf Firmware
Sp C252sf Firmware
Sp C250dn Firmware
Sp C252dn Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sp C250sf Firmware
All versions
Running on/withPlatform Versions
Ricoh
Sp C250sf
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sp C252sf Firmware
All versions
Running on/withPlatform Versions
Ricoh
Sp C252sf
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sp C250dn Firmware
Version 1.05
Running on/withPlatform Versions
Ricoh
Sp C250dn
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sp C252dn Firmware
All versions
Running on/withPlatform Versions
Ricoh
Sp C252dn
All versions

Related CWEs

CWE-307
Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

References (4)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.