ID

VAR-202003-0928


CVE

CVE-2019-14299


TITLE

Inadequate protection of credentials on multiple Ricoh SP C250DN devices

Trust: 0.8

sources: JVNDB: JVNDB-2019-014957

DESCRIPTION

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. Multiple Ricoh SP C250DN devices contain an insufficient protection of credentials vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). RICOH SP C250DN is a printer from RICOH Corporation of Japan. There is a security vulnerability in Ricoh SP C250DN version 1.05, which originated from the device's failure to lock accounts.

Trust: 2.16

sources: NVD: CVE-2019-14299 // JVNDB: JVNDB-2019-014957 // CNVD: CNVD-2020-19586

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-19586

AFFECTED PRODUCTS

vendor: ricoh, model: sp c250dn, scope: eq, version: 1.05

Trust: 2.4

vendor: ricoh, model: sp c250sf, scope: eq, version: *

Trust: 1.0

vendor: ricoh, model: sp c252dn, scope: eq, version: *

Trust: 1.0

vendor: ricoh, model: sp c252sf, scope: eq, version: *

Trust: 1.0

vendor: ricoh, model: sp c250sf, scope: -, version: -

Trust: 0.8

vendor: ricoh, model: sp c252dn, scope: -, version: -

Trust: 0.8

vendor: ricoh, model: sp c252sf, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2020-19586 // JVNDB: JVNDB-2019-014957 // NVD: CVE-2019-14299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14299
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2019-014957
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-19586
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-867
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2019-14299
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-014957
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-19586
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-14299
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-014957
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-19586 // JVNDB: JVNDB-2019-014957 // CNNVD: CNNVD-202003-867 // NVD: CVE-2019-14299

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:CWE-522

Trust: 0.8

sources: JVNDB: JVNDB-2019-014957 // NVD: CVE-2019-14299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-867

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202003-867

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-014957

PATCH

title: Support & Downloads, url: https://www.ricoh-usa.com/en/support-and-download

Trust: 0.8

title: Patch for RICOH SP C250DN logic flaw vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/211087

Trust: 0.6

title: RICOH SP C250DN Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112087

Trust: 0.6

sources: CNVD: CNVD-2020-19586 // JVNDB: JVNDB-2019-014957 // CNNVD: CNNVD-202003-867

EXTERNAL IDS

db: NVD, id: CVE-2019-14299

Trust: 3.0

db: JVNDB, id: JVNDB-2019-014957

Trust: 0.8

db: CNVD, id: CNVD-2020-19586

Trust: 0.6

db: AUSCERT, id: ESB-2020.4167

Trust: 0.6

db: CNNVD, id: CNNVD-202003-867

Trust: 0.6

sources: CNVD: CNVD-2020-19586 // JVNDB: JVNDB-2019-014957 // CNNVD: CNNVD-202003-867 // NVD: CVE-2019-14299

REFERENCES

url: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2019-14299

Trust: 2.0

url: https://www.ricoh-usa.com/en/support-and-download

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14299

Trust: 0.8

url: https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/#d

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.4167/

Trust: 0.6

sources: CNVD: CNVD-2020-19586 // JVNDB: JVNDB-2019-014957 // CNNVD: CNNVD-202003-867 // NVD: CVE-2019-14299

SOURCES

db: CNVD, id: CNVD-2020-19586
db: JVNDB, id: JVNDB-2019-014957
db: CNNVD, id: CNNVD-202003-867
db: NVD, id: CVE-2019-14299

LAST UPDATE DATE

2024-11-23T21:32:11.205000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-19586, date: 2020-03-26T00:00:00
db: JVNDB, id: JVNDB-2019-014957, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-867, date: 2020-11-25T00:00:00
db: NVD, id: CVE-2019-14299, date: 2024-11-21T04:26:24.413

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-19586, date: 2020-03-26T00:00:00
db: JVNDB, id: JVNDB-2019-014957, date: 2020-03-31T00:00:00
db: CNNVD, id: CNNVD-202003-867, date: 2020-03-13T00:00:00
db: NVD, id: CVE-2019-14299, date: 2020-03-13T19:15:16.697