Specific Ricoh MFP and Printer Products - Buffer overflow vulnerability (CVE-2024-39927) in IM 370/370F/460F/460FTL

Last updated: 04:00 am on July 11, 2024 (2024-07-11T13:00:00+09:00)
First published: 03:00 am on July 09, 2024 (2024-07-09T12:00:00+09:00)
Ricoh Company, Ltd.

Ricoh has identified a buffer overflow vulnerability (CVE-2024-39927) affecting IM 370/370F/460F/460FTL.

  • Advisory ID
    ricoh-prod000160-2024-000008
  • Version
    1.02E
  • CVE ID (CWE ID)
    CVE-2024-39927 (CWE-787)
  • CVSSv3 base score
    8.2 HIGH

Potential impact

A remote attacker may be able to cause a denial of service (DoS) or partial data destruction.
Arbitrary code cannot be executed.

Affected components and versions

Products or Services      | Components | Versions
IM 370/370F/460F/460FTL   | Firmware   | Prior to System/Copy 1.10-00

How to view the firmware version:
1. Access Web Image Monitor from your browser.
   https://"IP address or hostname of the device"
2. Log in with Administrator privileges.
3. Navigate to Device Management > Configuration > Device Settings > Firmware Update.
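
Once the System/Copy version has been read from each device, a fleet inventory can be checked against the fixed version. The script below is an added example, not Ricoh code; the hostnames and inventory rows are constructed, and it assumes version strings take the form "<major>.<minor>-<build>" with numeric fields.

```python
import re

# Values taken from this advisory.
AFFECTED_MODELS = {"IM 370", "IM 370F", "IM 460F", "IM 460FTL"}
FIXED_VERSION = "1.10-00"  # System/Copy version that contains the fix

# Assumption: versions look like "<major>.<minor>-<build>", all numeric.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)-(\d+)\s*$")


def parse_version(text):
    """Turn '1.10-00' into (1, 10, 0) so fields compare numerically."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised System/Copy version: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(model, version):
    """Return 'not-listed', 'affected', 'fixed' or 'unknown' for one device."""
    normalised = " ".join(model.upper().split())
    if normalised not in AFFECTED_MODELS:
        return "not-listed"  # model is not named in this advisory
    try:
        parsed = parse_version(version)
    except ValueError:
        return "unknown"  # check manually in Web Image Monitor
    return "affected" if parsed < parse_version(FIXED_VERSION) else "fixed"


# Constructed sample inventory: (hostname, model, System/Copy version).
INVENTORY = [
    ("prn-floor1", "IM 370F", "1.09-00"),
    ("prn-floor2", "IM 460F", "1.10-00"),
    ("prn-floor3", "im 460ftl", "1.9-02"),  # a plain string compare gets this wrong
    ("prn-lobby", "IM 370", ""),            # version was not recorded
    ("prn-other", "EXAMPLE-MODEL", "1.02-00"),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, version) for host, model, version in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as "unknown" have no usable version on record and need the manual check described in the steps above.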

Resolution

Please download the updated firmware from the following link:
https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/im370/im370.htm


Contact:

Please contact your local Ricoh representative or dealer if you have any queries.

History:
2024-07-11T13:00:00+09:00 : 1.02E Updated affected versions
2024-07-09T19:00:00+09:00 : 1.01E Updated CVSSv3 score
2024-07-09T12:00:00+09:00 : 1.00E Initial public release

The distribution URL of this page:
https://www.ricoh.com/products/security/vulnerabilities/adv?id=ricoh-prod000160-2024-000008
Please note that any copy or paraphrase of the text of this document that differs in content from the distribution URL link, or omits the URL, is an uncontrolled copy and may lack important information or contain factual errors.