CVE-2019-14299
moderate-risk
Published 2020-03-13
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
Do I need to act?
-
0.37% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (4)
Sp C250Sf Firmware
Sp C252Sf Firmware
Sp C250Dn Firmware
Sp C252Dn Firmware
Affected Vendors
References (4)
Third Party Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabi...
Vendor Advisory
https://www.ricoh-usa.com/en/support-and-download
Third Party Advisory
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabi...
Vendor Advisory
https://www.ricoh-usa.com/en/support-and-download
43
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
10/34 · Low