Details of VAR-202001-0767

ID

VAR-202001-0767

CVE

CVE-2019-14301

TITLE

RICOH SP C250DN Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-02455 // CNNVD: CNNVD-202001-406

DESCRIPTION

Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2). Ricoh SP C250DN The device contains an authentication vulnerability.Information may be obtained. RICOH SP C250DN is a printer from Ricoh Japan. An information disclosure vulnerability exists in RICOH SP C250DN version 1.06. The vulnerability stems from configuration errors during the operation of the network system or product. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component

Trust: 2.25

sources: NVD: CVE-2019-14301 // JVNDB: JVNDB-2019-014136 // CNVD: CNVD-2020-02455 // VULMON: CVE-2019-14301

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-02455

AFFECTED PRODUCTS

vendor:	ricoh	model:	sp c250dn	scope:	eq	version:	1.06	Trust: 1.4
vendor:	ricoh	model:	m c250fw	scope:	lt	version:	1.02	Trust: 1.0
vendor:	ricoh	model:	sp 277sfnwx	scope:	lt	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	sp c250dn	scope:	lt	version:	1.09	Trust: 1.0
vendor:	ricoh	model:	sp 221	scope:	lt	version:	1.02	Trust: 1.0
vendor:	ricoh	model:	sp c250sf	scope:	lt	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	sp 3710dn	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 212w	scope:	lt	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp c261sfnw	scope:	lt	version:	1.17	Trust: 1.0
vendor:	ricoh	model:	sp 212sfnw	scope:	lt	version:	1.08	Trust: 1.0
vendor:	ricoh	model:	sp c262dnw	scope:	lt	version:	1.13	Trust: 1.0
vendor:	ricoh	model:	sp c260dnw	scope:	lt	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	sp 213snw \	scope:	lt	version:	1.05	Trust: 1.0
vendor:	ricoh	model:	sp c260sfnw	scope:	lt	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	sp c252dn	scope:	lt	version:	1.09	Trust: 1.0
vendor:	ricoh	model:	m 2700	scope:	lt	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 212sfnw \	scope:	lt	version:	1.08	Trust: 1.0
vendor:	ricoh	model:	sp c252sf	scope:	lt	version:	1.15	Trust: 1.0
vendor:	ricoh	model:	sp 3710sf	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 221snw	scope:	lt	version:	1.11	Trust: 1.0
vendor:	ricoh	model:	sp 213sfnw	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 213w	scope:	lt	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 213nw	scope:	lt	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	p c301w	scope:	lt	version:	1.02	Trust: 1.0
vendor:	ricoh	model:	sp c262sfnw	scope:	lt	version:	1.17	Trust: 1.0
vendor:	ricoh	model:	mp 2014ad	scope:	lt	version:	1.10	Trust: 1.0
vendor:	ricoh	model:	sp 212sfw	scope:	lt	version:	1.08	Trust: 1.0
vendor:	ricoh	model:	sp c261dnw	scope:	lt	version:	1.13	Trust: 1.0
vendor:	ricoh	model:	m c250fwb	scope:	lt	version:	1.02	Trust: 1.0
vendor:	ricoh	model:	sp277nwx	scope:	lt	version:	1.04	Trust: 1.0
vendor:	ricoh	model:	sp 220sfnw	scope:	lt	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	m 2701	scope:	lt	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 213nw \	scope:	lt	version:	1.04	Trust: 1.0
vendor:	ricoh	model:	p c300w	scope:	lt	version:	1.02	Trust: 1.0
vendor:	ricoh	model:	sp 330dn	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 212nw	scope:	lt	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 277snwx	scope:	lt	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	sp 221sf	scope:	lt	version:	1.11	Trust: 1.0
vendor:	ricoh	model:	sp 212suw	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 213sfnw \	scope:	lt	version:	1.06	Trust: 1.0
vendor:	ricoh	model:	sp 330sfn	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 213suw	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	mp 2014	scope:	lt	version:	1.10	Trust: 1.0
vendor:	ricoh	model:	sp 330sn	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 221sfnw	scope:	lt	version:	1.12	Trust: 1.0
vendor:	ricoh	model:	sp 220snw	scope:	lt	version:	1.11	Trust: 1.0
vendor:	ricoh	model:	sp 213snw	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 213sfw	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 212snw	scope:	lt	version:	1.07	Trust: 1.0
vendor:	ricoh	model:	sp 221s	scope:	lt	version:	1.10	Trust: 1.0
vendor:	ricoh	model:	sp 220nw	scope:	lt	version:	1.04	Trust: 1.0
vendor:	ricoh	model:	mp 2014d	scope:	lt	version:	1.10	Trust: 1.0
vendor:	ricoh	model:	sp 221nw	scope:	lt	version:	1.04	Trust: 1.0
vendor:	ricoh	model:	m c250fw	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	m c250fwb	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	p c300w	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	p c301w	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	sp 330sfn	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	sp 330sn	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	sp c250sf	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	sp c252dn	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	sp c252sf	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2020-02455 // JVNDB: JVNDB-2019-014136 // NVD: CVE-2019-14301

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14301
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-14301
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-02455
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202001-406
value:	HIGH
Trust: 0.6
VULMON:	CVE-2019-14301
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-14301
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2020-02455
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-14301
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-14301
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-02455 // VULMON: CVE-2019-14301 // JVNDB: JVNDB-2019-014136 // CNNVD: CNNVD-202001-406 // NVD: CVE-2019-14301

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.0
problemtype:	CWE-287	Trust: 0.8

sources: JVNDB: JVNDB-2019-014136 // NVD: CVE-2019-14301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-406

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202001-406

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014136

PATCH

title:	UPDATE：Potential security vulnerabilities in some of Ricoh's printers and Multifunction Printers (MFPs)	url:	https://www.ricoh.com/info/2019/0823_1/	Trust: 0.8
title:	Patch for RICOH SP C250DN Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/197267	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2019-14301	Trust: 0.1

sources: CNVD: CNVD-2020-02455 // VULMON: CVE-2019-14301 // JVNDB: JVNDB-2019-014136

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14301	Trust: 3.1
db:	JVN	id:	JVN52962201	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-014136	Trust: 1.4
db:	CNVD	id:	CNVD-2020-02455	Trust: 0.6
db:	CNNVD	id:	CNNVD-202001-406	Trust: 0.6
db:	VULMON	id:	CVE-2019-14301	Trust: 0.1

sources: CNVD: CNVD-2020-02455 // VULMON: CVE-2019-14301 // JVNDB: JVNDB-2019-014136 // CNNVD: CNNVD-202001-406 // NVD: CVE-2019-14301

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-14301	Trust: 2.0
url:	https://www.ricoh.com/info/2019/0823_1/	Trust: 1.7
url:	http://jvn.jp/en/jp/jvn52962201/index.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14301	Trust: 0.8
url:	https://jvndb.jvn.jp/en/contents/2019/jvndb-2019-014136.html	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2019-14301	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-02455 // VULMON: CVE-2019-14301 // JVNDB: JVNDB-2019-014136 // CNNVD: CNNVD-202001-406 // NVD: CVE-2019-14301

SOURCES

db:	CNVD	id:	CNVD-2020-02455
db:	VULMON	id:	CVE-2019-14301
db:	JVNDB	id:	JVNDB-2019-014136
db:	CNNVD	id:	CNNVD-202001-406
db:	NVD	id:	CVE-2019-14301

LAST UPDATE DATE

2024-11-23T21:36:14.327000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-02455	date:	2020-01-16T00:00:00
db:	VULMON	id:	CVE-2019-14301	date:	2023-02-01T00:00:00
db:	JVNDB	id:	JVNDB-2019-014136	date:	2020-02-04T00:00:00
db:	CNNVD	id:	CNNVD-202001-406	date:	2023-02-02T00:00:00
db:	NVD	id:	CVE-2019-14301	date:	2024-11-21T04:26:26.527

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-02455	date:	2020-01-16T00:00:00
db:	VULMON	id:	CVE-2019-14301	date:	2020-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2019-014136	date:	2020-02-04T00:00:00
db:	CNNVD	id:	CNNVD-202001-406	date:	2020-01-10T00:00:00
db:	NVD	id:	CVE-2019-14301	date:	2020-01-10T18:15:11.333