{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2019-14299","title":"Title"},{"category":"description","text":"Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2019-14299","url":"https://www.suse.com/security/cve/CVE-2019-14299"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for SUSE-SU-2020:3474-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2020-November/007831.html"}],"title":"SUSE CVE CVE-2019-14299","tracking":{"current_release_date":"2025-10-07T09:28:11Z","generator":{"date":"2023-02-15T04:09:54Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2019-14299","initial_release_date":"2023-02-15T04:09:54Z","revision_history":[{"date":"2023-02-15T04:09:54Z","number":"2","summary":"Current version"},{"date":"2025-01-01T06:23:23Z","number":"3","summary":"Current version"},{"date":"2025-02-15T07:03:05Z","number":"4","summary":"Current version"},{"date":"2025-02-17T07:27:50Z","number":"5","summary":"Current version"},{"date":"2025-03-15T10:38:41Z","number":"6","summary":"Current version"},{"date":"2025-04-25T06:08:06Z","number":"7","summary":"Current version"},{"date":"2025-10-07T09:28:11Z","number":"8","summary":"Current version"}],"status":"interim","version":"8"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Enterprise Storage 5","product":{"name":"SUSE Enterprise Storage 5","product_id":"SUSE Enterprise Storage 5","product_identification_helper":{"cpe":"cpe:/o:suse:ses:5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product":{"name":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP3-ESPOS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-espos:12:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP3-LTSS","product":{"name":"SUSE Linux Enterprise Server 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP3-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12:sp3"}}},{"category":"product_version","name":"u-boot-rpi3-2016.07-12.3.1","product":{"name":"u-boot-rpi3-2016.07-12.3.1","product_id":"u-boot-rpi3-2016.07-12.3.1","product_identification_helper":{"cpe":"cpe:2.3:a:denx:u-boot:2016.07:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/u-boot-rpi3@2016.07-12.3.1?upstream=u-boot-2016.07-12.3.1.src.rpm"}}},{"category":"product_version","name":"u-boot-tools-2016.07-12.3.1","product":{"name":"u-boot-tools-2016.07-12.3.1","product_id":"u-boot-tools-2016.07-12.3.1","product_identification_helper":{"cpe":"cpe:2.3:a:denx:u-boot:2016.07:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/u-boot-tools@2016.07-12.3.1?upstream=u-boot-2016.07-12.3.1.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"u-boot-rpi3-2016.07-12.3.1 as component of SUSE Enterprise Storage 5","product_id":"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1"},"product_reference":"u-boot-rpi3-2016.07-12.3.1","relates_to_product_reference":"SUSE Enterprise Storage 5"},{"category":"default_component_of","full_product_name":{"name":"u-boot-tools-2016.07-12.3.1 as component of SUSE Enterprise Storage 5","product_id":"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1"},"product_reference":"u-boot-tools-2016.07-12.3.1","relates_to_product_reference":"SUSE Enterprise Storage 5"},{"category":"default_component_of","full_product_name":{"name":"u-boot-rpi3-2016.07-12.3.1 as component of SUSE Linux Enterprise Server 12 SP3-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP3-ESPOS:u-boot-rpi3-2016.07-12.3.1"},"product_reference":"u-boot-rpi3-2016.07-12.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"u-boot-tools-2016.07-12.3.1 as component of SUSE Linux Enterprise Server 12 SP3-ESPOS","product_id":"SUSE Linux Enterprise Server 12 SP3-ESPOS:u-boot-tools-2016.07-12.3.1"},"product_reference":"u-boot-tools-2016.07-12.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-ESPOS"},{"category":"default_component_of","full_product_name":{"name":"u-boot-rpi3-2016.07-12.3.1 as component of SUSE Linux Enterprise Server 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1"},"product_reference":"u-boot-rpi3-2016.07-12.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-LTSS"},{"category":"default_component_of","full_product_name":{"name":"u-boot-tools-2016.07-12.3.1 as component of SUSE Linux Enterprise Server 12 SP3-LTSS","product_id":"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1"},"product_reference":"u-boot-tools-2016.07-12.3.1","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP3-LTSS"}]},"vulnerabilities":[{"cve":"CVE-2019-14299","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-14299"}],"notes":[{"category":"general","text":"Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.","title":"CVE description"}],"product_status":{"recommended":["SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1","SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-ESPOS:u-boot-rpi3-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-ESPOS:u-boot-tools-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1"]},"references":[{"category":"external","summary":"CVE-2019-14299","url":"https://www.suse.com/security/cve/CVE-2019-14299"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"Advisory link for SUSE-SU-2020:3474-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2020-November/007831.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1","SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-ESPOS:u-boot-rpi3-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-ESPOS:u-boot-tools-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1"]}],"scores":[{"cvss_v3":{"baseScore":9.8,"baseSeverity":"CRITICAL","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1","SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-ESPOS:u-boot-rpi3-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-ESPOS:u-boot-tools-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1","SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1"]}],"threats":[{"category":"impact","date":"2020-03-14T00:43:39Z","details":"moderate"}],"title":"CVE-2019-14299"}]}