Lucene search

[email protected]CVE-2018-18894

HistoryMar 10, 2020 - 1:15 p.m.

CVE-2018-18894

2020-03-1013:15:00

CWE-22

[email protected]

web.nvd.nist.gov

lexmark devices

directory traversal

cve-2018-18894

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.4%

JSON

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

CPENameOperatorVersion
lexmark:6500e_firmwarelexmark 6500e firmwareltlhs60.jr.p683
lexmark:c748_firmwarelexmark c748 firmwareltlhs60.cm4.p683
lexmark:c79x_firmwarelexmark c79x firmwareltlhs60.hc.p683
lexmark:c925_firmwarelexmark c925 firmwareltlhs60.hv.p683
lexmark:c95x_firmwarelexmark c95x firmwareltlhs60.tp.p683
lexmark:cs41x_firmwarelexmark cs41x firmwareltlw71.vy2.p216
lexmark:cs51x_firmwarelexmark cs51x firmwareltlw71.vy4.p216
lexmark:cs748_firmwarelexmark cs748 firmwarelelhs60.cm4.p683
lexmark:cs796_firmwarelexmark cs796 firmwareltlhs60.hc.p683
lexmark:cx410_firmwarelexmark cx410 firmwareltlw71.gm4.p216

CPE	Name	Operator	Version
lexmark:6500e_firmware	lexmark 6500e firmware	lt	lhs60.jr.p683
lexmark:c748_firmware	lexmark c748 firmware	lt	lhs60.cm4.p683
lexmark:c79x_firmware	lexmark c79x firmware	lt	lhs60.hc.p683
lexmark:c925_firmware	lexmark c925 firmware	lt	lhs60.hv.p683
lexmark:c95x_firmware	lexmark c95x firmware	lt	lhs60.tp.p683
lexmark:cs41x_firmware	lexmark cs41x firmware	lt	lw71.vy2.p216
lexmark:cs51x_firmware	lexmark cs51x firmware	lt	lw71.vy4.p216
lexmark:cs748_firmware	lexmark cs748 firmware	le	lhs60.cm4.p683
lexmark:cs796_firmware	lexmark cs796 firmware	lt	lhs60.hc.p683
lexmark:cx410_firmware	lexmark cx410 firmware	lt	lw71.gm4.p216

Rows per page:

1-10 of 491

References

support.lexmark.com/alerts

support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2018-18894

cvelist1 prion1