Published: 2024/07/10  Last Updated: 2024/07/10

JVN#14294633
Out-of-bounds write vulnerability in Ricoh MFPs and printers

Overview

MFPs (multifunction printers) and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability.

Products Affected

  • IM C3510/C3010 firmware versions prior to System/Copy 2.00-00
  • IM C6010/C5510/C4510 firmware versions prior to System/Copy 2.00-00
  • IM C2510/C2010 firmware versions prior to System/Copy 2.00-00
  • IM C7010 firmware versions prior to System/Copy 1.05-00
  • IM 460F/460FTL/370/370F firmware versions prior to System/Copy 1.10-00
  • IP C8500 firmware versions prior to System 1.04-00

Description

MFPs and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability (CWE-787).

Impact

If a remote attacker sends a specially crafted request to an affected product, a denial-of-service (DoS) condition may occur and/or the user's data may be destroyed.

Solution

Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
The developer addressed the vulnerability in the following versions:

  • IM C3510/C3010 System/Copy 2.00-00
  • IM C6010/C5510/C4510 System/Copy 2.00-00
  • IM C2510/C2010 System/Copy 2.00-00
  • IM C7010 System/Copy 1.05-00
  • IM 460F/460FTL/370/370F System/Copy 1.10-00
  • IP C8510 System 1.04-00

Vulnerability Analysis by JPCERT/CC

CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Base Score: 8.2

  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality Impact (C): None (N)
  • Integrity Impact (I): Low (L)
  • Availability Impact (A): High (H)

Credit

Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2024-39927
JVN iPedia: JVNDB-2024-000070