JVN#11708203
Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)
Overview
Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain multiple buffer overflow vulnerabilities.
Products Affected
A wide range of the products is affected.
For more information, refer to the information provided by the developer.
Description
Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below.
- Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8 CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5 - Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8 CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5 - Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8 CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5 - Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8 CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
Impact
A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code.
Solution
Update the Firmware
Apply the appropriate firmware update according to the information provided by the developer.
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| RICOH COMPANY, LTD. | Vulnerable | 2019/09/13 | RICOH COMPANY, LTD. website |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2019-14300 |
|
CVE-2019-14305 |
|
|
CVE-2019-14307 |
|
|
CVE-2019-14308 |
|
| JVN iPedia |
JVNDB-2019-000058 |
Update History
- 2020/02/25
- Information under the section "Products Affected" was updated.