Specific Ricoh MFP and Printer Products - Session Management Vulnerability (CVE-2024-21824)
First published: 06:00 pm on March 06, 2024 (2024-03-06T16:00:00+09:00)
Ricoh Company, Ltd.
A vulnerability in Web Based Management could allow an unauthenticated, remote attacker to log into the server settings screen by using cookie values taken through eavesdropped communications or by attacks to the user's web browser.
List 1 below shows the vulnerable products and services. Ricoh offers countermeasures as detailed in the listed links.
Vulnerability Information ID | ricoh-2024-000002 |
Version | 1.00E |
CVE ID(CWE ID) | CVE-2024-21824 (CWE-287) |
CVSSv3 score | 5.3 MEDIUM |
List 1: Ricoh products and services affected by this vulnerability
Product/service | Link to details |
SP 230DNw | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000166-2024-000002 |
P 201W | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000167-2024-000002 |
M 340W | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000168-2024-000002 |
SP 230SFNw | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000169-2024-000002 |
M 340FW | Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000170-2024-000002 |
Contact
Please contact your local Ricoh representative or dealer if you have any queries.
History:
2024-03-06T16:00:00+09:00 : 1.00E Initial public release
News
Keep up to date
- 04Dec
Ricoh selected amongst the Financial Times “Best Employers Asia- Pacific 2025”
- 27Nov
Ricoh received top five-star rating in the SDGs Management edition of Nikkei Sustainable Comprehensive Survey 2024
- 14Nov
Ricoh IM C320F Wins a 2025 Pick Award from Keypoint Intelligence
- 31Oct
Ricoh publishes Ricoh Group Integrated Report 2024 and Ricoh Group Environmental Report 2024