CVE-2019-14310

Published: Mar 13, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets

Affected (4)

Products: Ricoh: Sp C250sf Firmware, Sp C252sf Firmware, Sp C250dn Firmware, Sp C252dn Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ricoh Sp C250sf Firmware	All versions

Running on/with	Platform Versions
Ricoh Sp C250sf	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ricoh Sp C252sf Firmware	All versions

Running on/with	Platform Versions
Ricoh Sp C252sf	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ricoh Sp C250dn Firmware	Version 1.05

Running on/with	Platform Versions
Ricoh Sp C250dn	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ricoh Sp C252dn Firmware	All versions

Running on/with	Platform Versions
Ricoh Sp C252dn	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

Source: cve@mitre.org

Third Party Advisory

https://www.ricoh-usa.com/en/support-and-download

Source: cve@mitre.org

Vendor Advisory

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.ricoh-usa.com/en/support-and-download

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.