Specific Ricoh MFP and Printer Products - Session Management Vulnerability (CVE-2024-21824)

06 Mar 2024

First published: 06:00 pm on March 06, 2024 (2024-03-06T16:00:00+09:00)
Ricoh Company, Ltd.

A vulnerability in Web Based Management could allow an unauthenticated, remote attacker to log into the server settings screen by using cookie values obtained through eavesdropped communications or through attacks against the user's web browser.

List 1 below shows the vulnerable products and services. Ricoh offers countermeasures as detailed in the listed links.

Vulnerability Information ID: ricoh-2024-000002
Version: 1.00E
CVE ID (CWE ID): CVE-2024-21824 (CWE-287)
CVSSv3 score: 5.3 MEDIUM

List 1: Ricoh products and services affected by this vulnerability

Product/service  Link to details
SP 230DNw  Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000166-2024-000002
P 201W  Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000167-2024-000002
M 340W  Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000168-2024-000002
SP 230SFNw  Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000169-2024-000002
M 340FW  Affected. For details, please refer to the following URL.
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000170-2024-000002

Contact

Please contact your local Ricoh representative or dealer if you have any queries.

History:

2024-03-06T16:00:00+09:00 : 1.00E Initial public release