|
[Japanese]
|
JVNDB-2024-000070
|
Out-of-bounds write vulnerability in Ricoh MFPs and printers
|
|
MFPs (multifunction printers) and printers provided by Ricoh Company, Ltd. contain an out-of-bounds write vulnerability (CWE-787).
Ricoh Company, Ltd. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and Ricoh Company, Ltd. coordinated under the Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 8.2 (High) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: High
|
|
|
Ricoh Co., Ltd
|
- IM C3510/C3010 firmware versions prior to System/Copy 2.00-00
- IM C6010/C5510/C4510 firmware versions prior to System/Copy 2.00-00
- IM C2510/C2010 firmware versions prior to System/Copy 2.00-00
- IM C7010 firmware versions prior to System/Copy 1.05-00
- IM 460F/460FTL/370/370F firmware versions prior to System/Copy 1.10-00
- IP C8500 firmware versions prior to System 1.04-00
|
|
If a remote attacker sends a specially crafted request to the affected products, the products may be able to cause a denial-of-service (DoS) condition and/or user's data may be destroyed.
|
|
[Update the Firmware]
Update the firmware to the latest version according to the information provided by the developer.
The developer addressed the vulnerability in the following versions:
* IM C3510/C3010 firmware versions prior to System/Copy 2.00-00
* IM C6010/C5510/C4510 firmware versions prior to System/Copy 2.00-00
* IM C2510/C2010 firmware versions prior to System/Copy 2.00-00
* IM C7010 firmware versions prior to System/Copy 1.05-00
* IM 460F/460FTL/370/370F firmware versions prior to System/Copy 1.10-00
* IP C8500 firmware versions prior to System 1.04-00
|
|
Ricoh Co., Ltd
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2024-39927
|
|
- JVN : JVN#14294633
|
|
- [2024/07/10]
Web page was published
|
