CVE-2019-14306
high-risk
Published 2020-01-10
Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2).
Do I need to act?
-
0.40% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Sp C250Sf Firmware
Sp C252Sf Firmware
Sp C250Dn Firmware
Sp C252Dn Firmware
Sp 330Sn Firmware
Sp 330Sfn Firmware
Sp 330Dn Firmware
Sp 3710Sf Firmware
Sp 3710Dn Firmware
Sp C260Dnw Firmware
Sp C260Sfnw Firmware
Sp C261Dnw Firmware
Sp C261Sfnw Firmware
Sp C262Sfnw Firmware
Sp C262Dnw Firmware
Mp 2014 Firmware
Mp 2014D Firmware
Mp 2014Ad Firmware
M 2700 Firmware
M 2701 Firmware
Affected Vendors
References (4)
Third Party Advisory
http://jvn.jp/en/jp/JVN52962201/index.html
Vendor Advisory
https://www.ricoh.com/info/2019/0823_1/
Third Party Advisory
http://jvn.jp/en/jp/JVN52962201/index.html
Vendor Advisory
https://www.ricoh.com/info/2019/0823_1/
53
/ 100
high-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
25/34 · High