Japan Vulnerability Notes (jvn) - JVN:52962201
History: Feb 25, 2020 - 12:00 a.m.

JVN#52962201: Multiple vulnerabilities in RICOH printers

2020-02-25 00:00:00
Japan Vulnerability Notes
jvn.jp
CVSS2: 7.2 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE
  Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 8.8 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
  Percentile: 50.9%

Multiple RICOH printers contain multiple vulnerabilities listed below.

Information Disclosure (CWE-200) - CVE-2019-14301

Version Vector Score
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5
CVSS v2 AV:A/AC:L/Au:N/C:P/I:N/A:N Base Score: 3.3

Improper Access Control (CWE-284) - CVE-2019-14302

Version Vector Score
CVSS v3 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
CVSS v2 AV:L/AC:L/Au:N/C:P/I:P/A:P Base Score: 4.6

Cross-site Request Forgery (CWE-352) - CVE-2019-14304

Version Vector Score
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L Base Score: 5.4
CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:P Base Score: 4.0

Improper Authentication (CWE-287) - CVE-2019-14306

Version Vector Score
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5
CVSS v2 AV:A/AC:L/Au:N/C:P/I:N/A:N Base Score: 3.3

Impact

  • A user who can access the device may access the debugging Web page and obtain sensitive information - CVE-2019-14301
  • A user who can physically access the device may execute arbitrary code, alter settings, and/or disable the function - CVE-2019-14302
  • If a user accesses a specially crafted page, unintended operations such as changing settings of the device may be performed - CVE-2019-14304
  • A user who can access the device may obtain the device settings information - CVE-2019-14306

Solution

Update the Firmware
Apply the appropriate firmware update according to the information provided by the developer.

Products Affected

A wide range of products is affected.
For more information, refer to the information provided by the developer.
