ID

VAR-201905-0936


CVE

CVE-2019-11845


TITLE

RICOH SP 4510DN Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-004501

DESCRIPTION

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. RICOH SP 4510DN is a multi-function printer produced by Ricoh Corporation (RICOH) of Japan. There is a code injection vulnerability in the RICOH SP 4510DN. The vulnerability arises when externally supplied input is used to construct a code segment and the network system or product does not properly filter the special elements in it. An attacker can use this vulnerability to generate illegal code segments and modify the expected execution control flow of the network system or component. More generally, the network system or product lacks correct verification of user input when that input is used to construct commands, data structures, or records, and it does not filter, or does not correctly filter, the special elements in it, causing the system or product to parse or interpret the input in the wrong way.

Trust: 2.25

sources: NVD: CVE-2019-11845 // JVNDB: JVNDB-2019-004501 // CNVD: CNVD-2019-14243 // VULHUB: VHN-143532

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-14243

AFFECTED PRODUCTS

vendor: ricoh, model: sp 4510dn, scope: -, version: -

Trust: 1.4

vendor: ricoh, model: sp 4510dn, scope: eq, version: -

Trust: 1.0

sources: CNVD: CNVD-2019-14243 // JVNDB: JVNDB-2019-004501 // NVD: CVE-2019-11845

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11845
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11845
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-14243
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201905-242
value: MEDIUM

Trust: 0.6

VULHUB: VHN-143532
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11845
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-14243
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-143532
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11845
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-14243 // VULHUB: VHN-143532 // JVNDB: JVNDB-2019-004501 // CNNVD: CNNVD-201905-242 // NVD: CVE-2019-11845

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype:CWE-74

Trust: 0.9

sources: VULHUB: VHN-143532 // JVNDB: JVNDB-2019-004501 // NVD: CVE-2019-11845

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-242

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-242

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-004501

PATCH

title: SP 4510DN, url: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4510dn.html

Trust: 0.8

sources: JVNDB: JVNDB-2019-004501

EXTERNAL IDS

db: NVD, id: CVE-2019-11845

Trust: 3.1

db: PACKETSTORM, id: 152789

Trust: 3.1

db: JVNDB, id: JVNDB-2019-004501

Trust: 0.8

db: CNNVD, id: CNNVD-201905-242

Trust: 0.7

db: CNVD, id: CNVD-2019-14243

Trust: 0.6

db: VULHUB, id: VHN-143532

Trust: 0.1

sources: CNVD: CNVD-2019-14243 // VULHUB: VHN-143532 // JVNDB: JVNDB-2019-004501 // CNNVD: CNNVD-201905-242 // NVD: CVE-2019-11845

REFERENCES

url:http://packetstormsecurity.com/files/152789/ricoh-sp-4510dn-printer-html-injection.html

Trust: 3.7

url:https://nvd.nist.gov/vuln/detail/cve-2019-11845

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11845

Trust: 0.8

sources: CNVD: CNVD-2019-14243 // VULHUB: VHN-143532 // JVNDB: JVNDB-2019-004501 // CNNVD: CNNVD-201905-242 // NVD: CVE-2019-11845

CREDITS

Ismail Tasdelen

Trust: 0.6

sources: CNNVD: CNNVD-201905-242

SOURCES

db: CNVD, id: CNVD-2019-14243
db: VULHUB, id: VHN-143532
db: JVNDB, id: JVNDB-2019-004501
db: CNNVD, id: CNNVD-201905-242
db: NVD, id: CVE-2019-11845

LAST UPDATE DATE

2024-11-23T21:59:56.444000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-14243, date: 2019-05-14T00:00:00
db: VULHUB, id: VHN-143532, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-004501, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-242, date: 2020-10-28T00:00:00
db: NVD, id: CVE-2019-11845, date: 2024-11-21T04:21:53.087

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-14243, date: 2019-05-14T00:00:00
db: VULHUB, id: VHN-143532, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2019-004501, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-242, date: 2019-05-09T00:00:00
db: NVD, id: CVE-2019-11845, date: 2019-05-14T18:29:00.343