PT-2020-9544 · Ricoh+1 · Ricoh Sp C250Dn+1
Published: 2020-03-13 · Updated: 2020-11-20
CVE-2019-14299
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Ricoh SP C250DN version 1.05
Description:
The authentication method is vulnerable to brute-force attacks. Some Ricoh printers, including the affected version, did not implement account lockout, which made it possible to obtain local account credentials by brute force.
Recommendations:
For Ricoh SP C250DN version 1.05, consider implementing account lockout policies to prevent brute force attacks. As a temporary workaround, restrict access to the device's authentication mechanism until a patch or fix is available.
Fix
Weakness Enumeration:
Improper Restriction of Excessive Authentication Attempts
Affected Products:
Ricoh Sp C250Dn
Suse