CVE-2018-18894

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

CVSS v3.0 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://support.lexmark.com/alerts	Vendor Advisory
http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:lexmark:6500e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:6500e:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:lexmark:c748_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:c748:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:lexmark:c79x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:c79x:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:lexmark:c925_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:c925:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lexmark:c95x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:c95x:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:lexmark:cs41x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs41x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:lexmark:cs51x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs51x:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:lexmark:cs748_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs748:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:lexmark:cs796_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cs796:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:lexmark:cx410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx410:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:lexmark:cx510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:cx510:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:lexmark:m3150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m3150:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:lexmark:m5155_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m5155:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:lexmark:m5163_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m5163:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:lexmark:m5170_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:m5170:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:lexmark:ms610de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms610de:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:lexmark:ms610dte_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms610dte:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:lexmark:ms810de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms810de:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:lexmark:ms812de_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms812de:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:lexmark:ms91x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:ms91x:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:lexmark:mx410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx410:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:lexmark:mx510_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx510:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:lexmark:mx511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx511:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:lexmark:mx610_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx610:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:lexmark:mx611_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx611:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:lexmark:mx6500e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx6500e:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:lexmark:mx71x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx71x:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:lexmark:mx81x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx81x:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:lexmark:mx91x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:mx91x:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:lexmark:sm91x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:sm91x:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:lexmark:x46x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x46x:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:lexmark:x548_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x548:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:lexmark:x65x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x65x:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:lexmark:x73x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x73x:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:lexmark:x74x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x74x:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:lexmark:x792_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x792:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:lexmark:x86x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x86x:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:lexmark:x925_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x925:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:lexmark:x95x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:x95x:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:lexmark:xc2132_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xc2132:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:lexmark:xm1145_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm1145:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND

cpe:2.3:o:lexmark:xm3150_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm3150:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND

cpe:2.3:o:lexmark:xm51xx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm51xx:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND

cpe:2.3:o:lexmark:xm71xx_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xm71xx:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND

cpe:2.3:o:lexmark:xs478_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xs478:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND

cpe:2.3:o:lexmark:xs548_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xs548:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND

cpe:2.3:o:lexmark:xs79x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xs79x:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND

cpe:2.3:o:lexmark:xs925_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xs925:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND

cpe:2.3:o:lexmark:xs95x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:lexmark:xs95x:-:*:*:*:*:*:*:*

Information

Published : 2020-03-10 06:15

Updated : 2020-03-20 08:51

NVD link : CVE-2018-18894

Mitre link : CVE-2018-18894

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

lexmark

m5155_firmware
x86x_firmware
ms610dte_firmware
cs41x
xs548
mx610
x65x_firmware
xm3150
xs925_firmware
x95x
cs796
c925
6500e
m5170
mx81x
x74x_firmware
mx410_firmware
c748_firmware
m5170_firmware
cx410_firmware
ms810de
mx510
mx6500e_firmware
cx410
xm1145_firmware
mx511
xc2132
x65x
xs95x
x792_firmware
c79x
xs548_firmware
mx510_firmware
x46x_firmware
xs925
ms812de
m5163
m5155
c748
ms91x_firmware
x548
xm51xx
sm91x
mx410
c79x_firmware
ms610dte
cx510_firmware
mx91x_firmware
x73x_firmware
c95x
cs41x_firmware
m3150
xs478_firmware
mx611_firmware
xs79x_firmware
6500e_firmware
m3150_firmware
x95x_firmware
cs748_firmware
cs748
xm71xx
xs478
mx71x_firmware
mx91x
ms812de_firmware
x925
x74x
xm51xx_firmware
xc2132_firmware
ms610de
cs51x_firmware
xm71xx_firmware
x46x
mx81x_firmware
xs95x_firmware
cs796_firmware
mx71x
mx610_firmware
sm91x_firmware
xm3150_firmware
c925_firmware
x73x
cx510
ms610de_firmware
cs51x
x925_firmware
ms91x
mx6500e
mx511_firmware
xm1145
m5163_firmware
x548_firmware
ms810de_firmware
x86x
xs79x
mx611
x792
c95x_firmware

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2018-18894

7.5^/10

5.0^/10

Attach tags to `CVE-2018-18894`