Details of VAR-202003-0926

ID

VAR-202003-0926

CVE

CVE-2019-14309

TITLE

RICOH SP C250DN Trust Management Issue Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-19587 // CNNVD: CNNVD-202003-866

DESCRIPTION

Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. plural Ricoh SP C250DN A device contains a vulnerability in the use of hard-coded credentials.Information may be obtained. RICOH SP C250DN is a printer from RICOH Corporation of Japan. There is a security vulnerability in Ricoh SP C250DN version 1.05

Trust: 2.16

sources: NVD: CVE-2019-14309 // JVNDB: JVNDB-2019-014959 // CNVD: CNVD-2020-19587

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-19587

AFFECTED PRODUCTS

vendor:	ricoh	model:	sp c250dn	scope:	eq	version:	1.05	Trust: 2.4
vendor:	ricoh	model:	sp c250sf	scope:	eq	version:	*	Trust: 1.0
vendor:	ricoh	model:	sp c252dn	scope:	eq	version:	*	Trust: 1.0
vendor:	ricoh	model:	sp c252sf	scope:	eq	version:	*	Trust: 1.0
vendor:	ricoh	model:	sp c250sf	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	sp c252dn	scope:	-	version:	-	Trust: 0.8
vendor:	ricoh	model:	sp c252sf	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2020-19587 // JVNDB: JVNDB-2019-014959 // NVD: CVE-2019-14309

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-14309
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-014959
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-19587
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202003-866
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-14309
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2019-014959
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-19587
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-14309
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-014959
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-19587 // JVNDB: JVNDB-2019-014959 // CNNVD: CNNVD-202003-866 // NVD: CVE-2019-14309

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.8

sources: JVNDB: JVNDB-2019-014959 // NVD: CVE-2019-14309

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-866

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-866

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014959

PATCH

title:	Support & Downloads	url:	https://www.ricoh-usa.com/en/support-and-download	Trust: 0.8
title:	Patch for RICOH SP C250DN Trust Management Issue Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/211085	Trust: 0.6
title:	RICOH SP C250DN Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112086	Trust: 0.6

sources: CNVD: CNVD-2020-19587 // JVNDB: JVNDB-2019-014959 // CNNVD: CNNVD-202003-866

EXTERNAL IDS

db:	NVD	id:	CVE-2019-14309	Trust: 3.0
db:	JVNDB	id:	JVNDB-2019-014959	Trust: 0.8
db:	CNVD	id:	CNVD-2020-19587	Trust: 0.6
db:	CNNVD	id:	CNNVD-202003-866	Trust: 0.6

sources: CNVD: CNVD-2020-19587 // JVNDB: JVNDB-2019-014959 // CNNVD: CNNVD-202003-866 // NVD: CVE-2019-14309

REFERENCES

url:	https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14309	Trust: 2.0
url:	https://www.ricoh-usa.com/en/support-and-download	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14309	Trust: 0.8

sources: CNVD: CNVD-2020-19587 // JVNDB: JVNDB-2019-014959 // CNNVD: CNNVD-202003-866 // NVD: CVE-2019-14309

SOURCES

db:	CNVD	id:	CNVD-2020-19587
db:	JVNDB	id:	JVNDB-2019-014959
db:	CNNVD	id:	CNNVD-202003-866
db:	NVD	id:	CVE-2019-14309

LAST UPDATE DATE

2024-11-23T22:29:41.450000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-19587	date:	2020-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-014959	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-866	date:	2020-03-19T00:00:00
db:	NVD	id:	CVE-2019-14309	date:	2024-11-21T04:26:28.030

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-19587	date:	2020-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2019-014959	date:	2020-03-31T00:00:00
db:	CNNVD	id:	CNNVD-202003-866	date:	2020-03-13T00:00:00
db:	NVD	id:	CVE-2019-14309	date:	2020-03-13T19:15:16.837