Vulnerabilities > CVE-2019-14299 - Improper Restriction of Excessive Authentication Attempts vulnerability in Ricoh products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ricoh

CWE-307

critical

NVD

Published: 2020-03-13

Updated: 2020-08-24

Summary

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.

Vulnerable Configurations

Part	Description	Count
OS	Ricoh Ricoh SP C250Sf Firmware * Ricoh SP C252Sf Firmware * Ricoh SP C250Dn Firmware 1.05 Ricoh SP C252Dn Firmware *	4
Hardware	Ricoh Ricoh SP C250Sf - Ricoh SP C252Sf - Ricoh SP C250Dn - Ricoh SP C252Dn -	4

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/
https://www.ricoh-usa.com/en/support-and-download