Specific Ricoh MFP and Printer Products - Session Management Vulnerability (CVE-2024-21824)

06 Mar 2024

First published: 06:00 pm on March 06, 2024 (2024-03-06T16:00:00+09:00)
Ricoh Company, Ltd.

A vulnerability in Web Based Management could allow an unauthenticated, remote attacker to log into the server settings screen by using cookie values taken through eavesdropped communications or by attacks to the user's web browser.

List 1 below shows the vulnerable products and services. Ricoh offers countermeasures as detailed in the listed links.

Vulnerability Information ID	ricoh-2024-000002
Version	1.00E
CVE ID(CWE ID)	CVE-2024-21824 (CWE-287)
CVSSv3 score	5.3 MEDIUM

List 1: Ricoh products and services affected by this vulnerability

Product/service	Link to details
SP 230DNw	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000166-2024-000002
P 201W	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000167-2024-000002
M 340W	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000168-2024-000002
SP 230SFNw	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000169-2024-000002
M 340FW	Affected. For details, please refer to the following URL. https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000170-2024-000002

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2024-03-06T16:00:00+09:00 : 1.00E Initial public release

News

Keep up to date

News