nvd-json-data-feeds/CVE-2019/CVE-2019-143xx/CVE-2019-14310.json

{
  "id": "CVE-2019-14310",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2020-03-13T19:15:16.917",
  "lastModified": "2020-08-24T17:37:01.140",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets"
    },
    {
      "lang": "es",
      "value": "Los dispositivos Ricoh SP C250DN versi\u00f3n 1.05, permiten una denegaci\u00f3n de servicio (problema 2 de 3).  Los paquetes dise\u00f1ados no autenticados en el servicio IPP causar\u00e1n que un dispositivo vulnerable se bloquee.  Se ha identificado una corrupci\u00f3n de la memoria en la manera en como el dispositivo incorporado analiz\u00f3 los paquetes IPP"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ricoh:sp_c250sf_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5B3F9E-EFE6-4B4D-A77D-857543C5FD7A"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:ricoh:sp_c250sf:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0AE2EE3-D763-4C69-BFC7-67DBAE2EA67B"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ricoh:sp_c252sf_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12DDFC54-73AD-474E-9150-ED2FBB418ECE"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:ricoh:sp_c252sf:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A179F7DB-F558-4C34-8225-1A716C6E0E3D"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ricoh:sp_c250dn_firmware:1.05:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA52538-4A4E-4927-A7EB-38D14B384FA5"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:ricoh:sp_c250dn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2BF7618-7900-472C-A9FA-4B81514CB82D"
            }
          ]
        }
      ]
    },
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:ricoh:sp_c252dn_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BA1CCD6-3773-45A1-9A3D-31235783B2C4"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:h:ricoh:sp_c252dn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECD9F0BC-7A61-4D8B-A278-C7224C20686A"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-ricoh-printers/",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.ricoh-usa.com/en/support-and-download",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}