CVE-2019-14310

Published Mar 13, 2020

Last updated 4 years ago

CVSS critical 9.8

Overview

Description: Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:sp_c250sf_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D5B3F9E-EFE6-4B4D-A77D-857543C5FD7A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:sp_c250sf:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0AE2EE3-D763-4C69-BFC7-67DBAE2EA67B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:sp_c252sf_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12DDFC54-73AD-474E-9150-ED2FBB418ECE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:sp_c252sf:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A179F7DB-F558-4C34-8225-1A716C6E0E3D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:sp_c250dn_firmware:1.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BA52538-4A4E-4927-A7EB-38D14B384FA5"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:sp_c250dn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B2BF7618-7900-472C-A9FA-4B81514CB82D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:ricoh:sp_c252dn_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BA1CCD6-3773-45A1-9A3D-31235783B2C4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ricoh:sp_c252dn:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "ECD9F0BC-7A61-4D8B-A278-C7224C20686A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References