Vulnerabilities > CVE-2019-14299 - Improper Restriction of Excessive Authentication Attempts vulnerability in Ricoh products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ricoh

CWE-307

NVD

Published: 2020-03-13

Updated: 2020-08-24

Summary

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.

Vulnerable Configurations

Part	Description	Count
OS	Ricoh Ricoh SP C250Sf Firmware * Ricoh SP C252Sf Firmware * Ricoh SP C250Dn Firmware 1.05 Ricoh SP C252Dn Firmware *	4
Hardware	Ricoh Ricoh SP C250Sf - Ricoh SP C252Sf - Ricoh SP C250Dn - Ricoh SP C252Dn -	4

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/
https://www.ricoh-usa.com/en/support-and-download