ID

VAR-201905-0935


CVE

CVE-2019-11844


TITLE

RICOH SP 4520DN Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004551

DESCRIPTION

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. RICOH SP 4520DN is a multi-function printer produced by Ricoh Corporation of Japan. There is a code injection vulnerability in RICOH SP 4520DN. The vulnerability arises because code segments are constructed from external input data and the network system or product does not properly filter the special elements in that input. An attacker can use this vulnerability to generate illegal code segments and modify the expected execution control flow of the network system or component. When user input is used to construct commands, data structures, or records, the network system or product does not correctly verify that input and does not filter, or does not correctly filter, the special elements in it, so the system or product parses or interprets the result incorrectly.

Trust: 2.25

sources: NVD: CVE-2019-11844 // JVNDB: JVNDB-2019-004551 // CNVD: CNVD-2019-14244 // VULHUB: VHN-143531

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-14244

AFFECTED PRODUCTS

vendor: ricoh, model: sp 4520dn, scope: -, version: -

Trust: 1.4

vendor: ricoh, model: sp 4520dn, scope: eq, version: -

Trust: 1.0

sources: CNVD: CNVD-2019-14244 // JVNDB: JVNDB-2019-004551 // NVD: CVE-2019-11844

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11844
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11844
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-14244
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-244
value: MEDIUM

Trust: 0.6

VULHUB: VHN-143531
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11844
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-14244
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-143531
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11844
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-14244 // VULHUB: VHN-143531 // JVNDB: JVNDB-2019-004551 // CNNVD: CNNVD-201905-244 // NVD: CVE-2019-11844

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-143531 // JVNDB: JVNDB-2019-004551 // NVD: CVE-2019-11844

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-244

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-244

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004551

PATCH

title: SP 4520DN, url: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-004551

EXTERNAL IDS

db: PACKETSTORM, id: 152790

Trust: 3.1

db: NVD, id: CVE-2019-11844

Trust: 3.1

db: JVNDB, id: JVNDB-2019-004551

Trust: 0.8

db: CNNVD, id: CNNVD-201905-244

Trust: 0.7

db: CNVD, id: CNVD-2019-14244

Trust: 0.6

db: VULHUB, id: VHN-143531

Trust: 0.1

sources: CNVD: CNVD-2019-14244 // VULHUB: VHN-143531 // JVNDB: JVNDB-2019-004551 // CNNVD: CNNVD-201905-244 // NVD: CVE-2019-11844

REFERENCES

url:http://packetstormsecurity.com/files/152790/ricoh-sp-4520dn-printer-html-injection.html

Trust: 3.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-11844

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11844

Trust: 0.8

sources: CNVD: CNVD-2019-14244 // VULHUB: VHN-143531 // JVNDB: JVNDB-2019-004551 // CNNVD: CNNVD-201905-244 // NVD: CVE-2019-11844

CREDITS

Ismail Tasdelen

Trust: 0.6

sources: CNNVD: CNNVD-201905-244

SOURCES

db: CNVD, id: CNVD-2019-14244
db: VULHUB, id: VHN-143531
db: JVNDB, id: JVNDB-2019-004551
db: CNNVD, id: CNNVD-201905-244
db: NVD, id: CVE-2019-11844

LAST UPDATE DATE

2024-11-23T22:41:30.046000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-14244, date: 2019-05-14T00:00:00
db: VULHUB, id: VHN-143531, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-004551, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-244, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-11844, date: 2024-11-21T04:21:52.950

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-14244, date: 2019-05-14T00:00:00
db: VULHUB, id: VHN-143531, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-004551, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-244, date: 2019-05-09T00:00:00
db: NVD, id: CVE-2019-11844, date: 2019-05-14T18:29:00.267