CVE-2019-14299

EPSS 0.37%
Veröffentlicht 13.03.2020 19:15:16
Zuletzt bearbeitet 21.11.2024 04:26:24
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ricoh ≫ Sp C250sf Firmware

Ricoh ≫ Sp C250sf Version-

Ricoh ≫ Sp C252sf Firmware

Ricoh ≫ Sp C252sf Version-

Ricoh ≫ Sp C250dn Firmware Version1.05

Ricoh ≫ Sp C250dn Version-

Ricoh ≫ Sp C252dn Firmware

Ricoh ≫ Sp C252dn Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.582

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://www.ricoh-usa.com/en/support-and-download

Vendor Advisory

https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-14299

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-14299

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-14299

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-14299