Published:2019/09/13  Last Updated:2019/09/13

JVN#11708203
Multiple buffer overflow vulnerabilities in multiple Ricoh printers and Multifunction Printers (MFPs)

Overview

Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain multiple buffer overflow vulnerabilities.

Products Affected

  • SP C250SF firmware versions prior to ver.1.13
  • SP C252SF firmware versions prior to ver.1.13
  • SP C250DN firmware versions prior to ver.1.07
  • SP C252DN firmware versions prior to ver.1.07

Description

Multiple printers and Multifunction Printers (MFPs) provided by RICOH COMPANY, LTD. contain multiple buffer overflows vulnerabilities listed below.

  • Buffer overflow in parsing HTTP cookie header (CWE-119) - CVE-2019-14300
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
  • Buffer overflow in parsing HTTP parameter setting for Wifi, mDNS, POP3, SMTP and alert (CWE-119) - CVE-2019-14305
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
  • Buffer overflow in parsing HTTP parameter setting for SNMP (CWE-119) - CVE-2019-14307
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5
  • Buffer overflow in parsing LPD packet (CWE-119) - CVE-2019-14308
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:P/A:P Base Score: 7.5

Impact

A remote attacker may be able to cause a denial-of-service (DoS) condition or may execute arbitrary code.

Solution

Update the Firmware
Apply the appropriate firmware update according to the information provided by the developer.

Vendor Status

Vendor Status Last Update Vendor Notes
RICOH COMPANY, LTD. Vulnerable 2019/09/13 RICOH COMPANY, LTD. website

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2019-14300
CVE-2019-14305
CVE-2019-14307
CVE-2019-14308
JVN iPedia JVNDB-2019-000058