CVE-2019-14304
Description
Ricoh SP C250DN 1.06 devices allow CSRF.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site request forgery on Ricoh SP C250DN firmware 1.06 allows an attacker to change device settings by tricking an authenticated user into visiting a malicious page.
Vulnerability
CVE-2019-14304 is a Cross-site Request Forgery (CSRF) vulnerability in the web interface of Ricoh SP C250DN printers running firmware version 1.06 [1]. The device's administrative web application does not properly validate the origin of HTTP requests, allowing an attacker to perform unintended operations on behalf of an authenticated user [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious web page that contains a forged HTTP request targeting the printer's web interface. The attacker must convince an authenticated user (e.g., an administrator) to visit the attacker's page, either by clicking a link or simply loading the page in a browser. Since the victim already holds an active session with the printer, the attacker's forged request is executed with the victim's privileges [1]. No additional authentication or network position is required beyond the attacker's ability to serve a web page reachable by the victim.
Impact
Successful exploitation allows the attacker to perform unintended operations on the printer, such as changing device settings [1]. This can lead to alteration of network configuration, security settings, or other administrative parameters. The CVSS v3 base score is 5.4 (Medium) with low impact on integrity and availability, and no impact on confidentiality [1].
Mitigation
The vendor, Ricoh, has released firmware updates to address this vulnerability [1]. Users should apply the appropriate firmware update for their device as provided by Ricoh's support channels [1]. No workaround is mentioned in the available references.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Ricoh/SP C250DN (description)
Patches
No patches discovered yet.
References
- jvn.jp/en/jp/JVN52962201/index.html (mitre, third-party-advisory, x_refsource_JVN)
- www.ricoh.com/info/2019/0823_1/ (mitre, x_refsource_CONFIRM)