CVE-2018-18894

Published: Mar 10, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

Affected (49)

Products: Lexmark: 6500e Firmware, C748 Firmware, C79x Firmware, C925 Firmware, C95x Firmware, Cs41x Firmware, Cs51x Firmware, Cs748 Firmware, Cs796 Firmware, Cx410 Firmware, Cx510 Firmware, M3150 Firmware, M5155 Firmware, M5163 Firmware, M5170 Firmware, Ms610de Firmware, Ms610dte Firmware, Ms810de Firmware, Ms812de Firmware, Ms91x Firmware, Mx410 Firmware, Mx510 Firmware, Mx511 Firmware, Mx610 Firmware, Mx611 Firmware, Mx6500e Firmware, Mx71x Firmware, Mx81x Firmware, Mx91x Firmware, Sm91x Firmware, X46x Firmware, X548 Firmware, X65x Firmware, X73x Firmware, X74x Firmware, X792 Firmware, X86x Firmware, X925 Firmware, X95x Firmware, Xc2132 Firmware, Xm1145 Firmware, Xm3150 Firmware, Xm51xx Firmware, Xm71xx Firmware, Xs478 Firmware, Xs548 Firmware, Xs79x Firmware, Xs925 Firmware, Xs95x Firmware

49 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark 6500e Firmware	Before lhs60.jr.p683

Running on/with	Platform Versions
Lexmark 6500e	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C748 Firmware	Before lhs60.cm4.p683

Running on/with	Platform Versions
Lexmark C748	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C79x Firmware	Before lhs60.hc.p683

Running on/with	Platform Versions
Lexmark C79x	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C925 Firmware	Before lhs60.hv.p683

Running on/with	Platform Versions
Lexmark C925	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark C95x Firmware	Before lhs60.tp.p683

Running on/with	Platform Versions
Lexmark C95x	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs41x Firmware	Before lw71.vy2.p216

Running on/with	Platform Versions
Lexmark Cs41x	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs51x Firmware	Before lw71.vy4.p216

Running on/with	Platform Versions
Lexmark Cs51x	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs748 Firmware	Up to lhs60.cm4.p683

Running on/with	Platform Versions
Lexmark Cs748	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cs796 Firmware	Before lhs60.hc.p683

Running on/with	Platform Versions
Lexmark Cs796	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx410 Firmware	Before lw71.gm4.p216

Running on/with	Platform Versions
Lexmark Cx410	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Cx510 Firmware	Before lw71.gm7.p216

Running on/with	Platform Versions
Lexmark Cx510	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M3150 Firmware	Before lw71.pr4.p216

Running on/with	Platform Versions
Lexmark M3150	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5155 Firmware	Before lw71.dn4.p216

Running on/with	Platform Versions
Lexmark M5155	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5163 Firmware	Before lw71.dn4.p216

Running on/with	Platform Versions
Lexmark M5163	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark M5170 Firmware	Before lw71.dn7.p216

Running on/with	Platform Versions
Lexmark M5170	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms610de Firmware	Before lw71.pr4.p216

Running on/with	Platform Versions
Lexmark Ms610de	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms610dte Firmware	Before lw71.pr4.p216

Running on/with	Platform Versions
Lexmark Ms610dte	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms810de Firmware	Before lw71.dn4.p216

Running on/with	Platform Versions
Lexmark Ms810de	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms812de Firmware	Before lw71.dn7.p216

Running on/with	Platform Versions
Lexmark Ms812de	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Ms91x Firmware	Before lw71.sa.p216

Running on/with	Platform Versions
Lexmark Ms91x	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx410 Firmware	Before lw71.sb4.p216

Running on/with	Platform Versions
Lexmark Mx410	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx510 Firmware	Before lw71.sb4.p216

Running on/with	Platform Versions
Lexmark Mx510	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx511 Firmware	Before lw71.sb4.p216

Running on/with	Platform Versions
Lexmark Mx511	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx610 Firmware	Before lw71.sb7.p216

Running on/with	Platform Versions
Lexmark Mx610	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx611 Firmware	Before lw71.sb7.p216

Running on/with	Platform Versions
Lexmark Mx611	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx6500e Firmware	Up to lw71.jd.p216

Running on/with	Platform Versions
Lexmark Mx6500e	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx71x Firmware	Before lw71.tu.p216

Running on/with	Platform Versions
Lexmark Mx71x	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx81x Firmware	Before lw71.tu.p216

Running on/with	Platform Versions
Lexmark Mx81x	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Mx91x Firmware	Before lw71.mg.p216

Running on/with	Platform Versions
Lexmark Mx91x	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Sm91x Firmware	Before lw71.mg.p216

Running on/with	Platform Versions
Lexmark Sm91x	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X46x Firmware	Before lr.bs.p810

Running on/with	Platform Versions
Lexmark X46x	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X548 Firmware	Before lhs60.vk.p683

Running on/with	Platform Versions
Lexmark X548	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X65x Firmware	Before lr.mn.p810

Running on/with	Platform Versions
Lexmark X65x	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X73x Firmware	Before lr.fl.p810

Running on/with	Platform Versions
Lexmark X73x	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X74x Firmware	Before lhs60.ny.p683

Running on/with	Platform Versions
Lexmark X74x	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X792 Firmware	Before lhs60.mr.p683

Running on/with	Platform Versions
Lexmark X792	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X86x Firmware	Before lr.sp.p810

Running on/with	Platform Versions
Lexmark X86x	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X925 Firmware	Before lhs60.hk.p683

Running on/with	Platform Versions
Lexmark X925	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark X95x Firmware	Before lhs60.tq.p683

Running on/with	Platform Versions
Lexmark X95x	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xc2132 Firmware	Before lw71.gm7.p216

Running on/with	Platform Versions
Lexmark Xc2132	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm1145 Firmware	Before lw71.sb4.p216

Running on/with	Platform Versions
Lexmark Xm1145	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm3150 Firmware	Before lw71.sb7.p216

Running on/with	Platform Versions
Lexmark Xm3150	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm51xx Firmware	Before lw71.tu.p216

Running on/with	Platform Versions
Lexmark Xm51xx	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xm71xx Firmware	Before lw71.tu.p216

Running on/with	Platform Versions
Lexmark Xm71xx	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs478 Firmware	Before lhs60.ny.p683

Running on/with	Platform Versions
Lexmark Xs478	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs548 Firmware	Before lhs60.vk.p683

Running on/with	Platform Versions
Lexmark Xs548	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs79x Firmware	Before lhs60.mr.p683

Running on/with	Platform Versions
Lexmark Xs79x	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs925 Firmware	Before lhs60.hk.p683

Running on/with	Platform Versions
Lexmark Xs925	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Lexmark Xs95x Firmware	Before lhs60.tq.p683

Running on/with	Platform Versions
Lexmark Xs95x	All versions

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

http://support.lexmark.com/alerts

Source: cve@mitre.org

Vendor Advisory

http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US

Source: cve@mitre.org

Vendor Advisory

http://support.lexmark.com/alerts

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.