- Description
- Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-119
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:sp_c250sf:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0AE2EE3-D763-4C69-BFC7-67DBAE2EA67B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:sp_c250sf_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "775D91D0-68A3-4FEA-86F0-F4D408477732",
            "versionEndExcluding": "1.13"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:sp_c252sf:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A179F7DB-F558-4C34-8225-1A716C6E0E3D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:sp_c252sf_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E807AEA0-1B04-4D20-B07A-DCFDF15892C9",
            "versionEndExcluding": "1.13"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:sp_c250dn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2BF7618-7900-472C-A9FA-4B81514CB82D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:sp_c250dn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FE51E36-799C-4466-92E5-AB3965E0A562",
            "versionEndExcluding": "1.07"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:sp_c252dn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ECD9F0BC-7A61-4D8B-A278-C7224C20686A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:sp_c252dn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F8BC805-7C0F-4C59-8C7F-930899951F27",
            "versionEndExcluding": "1.07"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]