JVN#52962201
Multiple vulnerabilities in RICOH printers

Overview

RICOH printers contain multiple vulnerabilities.

Products Affected

A wide range of the products is affected.
For more information, refer to the information provided by the developer.

Description

Multiple RICOH printers contain multiple vulnerabilities listed below.

• Information Disclosure (CWE-200) - CVE-CVE-2019-14301

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	Base Score: 6.5
  CVSS v2	AV:A/AC:L/Au:N/C:P/I:N/A:N	Base Score: 3.3

• Improper Access Control (CWE-284) - CVE-2019-14302

  CVSS v3	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	Base Score: 6.8
  CVSS v2	AV:L/AC:L/Au:N/C:P/I:P/A:P	Base Score: 4.6

• Cross-site Request Forgery (CWE-352) - CVE-2019-14304

  CVSS v3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	Base Score: 5.4
  CVSS v2	AV:N/AC:H/Au:N/C:N/I:P/A:P	Base Score: 4.0

• Improper Authentication (CWE-287) - CVE-2019-14306

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	Base Score: 6.5
  CVSS v2	AV:A/AC:L/Au:N/C:P/I:N/A:N	Base Score: 3.3

Impact

• A user who can access the device may access the debugging Web page and obtain sensitive information - CVE-2019-14301
• A user who can physically access the device may execute arbitrary code, alter settings, and/or disable the function - CVE-2019-14302
• If a user accesses a specially crafted page, unintended operations such as changing settings of the device may be performed - CVE-2019-14304
• A user who can access the device may the device settings information - CVE-2019-14306

Solution

Update the Firmware
Apply the appropriate firmware update according to the information provided by the developer.