CVE-2018-18894

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:lexmark:6500e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:6500e:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:lexmark:c748_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:c748:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:lexmark:c79x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:c79x:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:lexmark:c925_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:c925:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:lexmark:c95x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:c95x:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:lexmark:cs41x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs41x:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:lexmark:cs51x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs51x:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:lexmark:cs748_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs748:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:lexmark:cs796_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cs796:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:lexmark:cx410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx410:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:lexmark:cx510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:cx510:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:lexmark:m3150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m3150:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:lexmark:m5155_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m5155:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:lexmark:m5163_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m5163:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:lexmark:m5170_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:m5170:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:lexmark:ms610de_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms610de:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:lexmark:ms610dte_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms610dte:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:lexmark:ms810de_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms810de:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:lexmark:ms812de_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms812de:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:lexmark:ms91x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:ms91x:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:lexmark:mx410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx410:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:lexmark:mx510_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx510:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:lexmark:mx511_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx511:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND
cpe:2.3:o:lexmark:mx610_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx610:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND
cpe:2.3:o:lexmark:mx611_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx611:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND
cpe:2.3:o:lexmark:mx6500e_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx6500e:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND
cpe:2.3:o:lexmark:mx71x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx71x:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND
cpe:2.3:o:lexmark:mx81x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx81x:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND
cpe:2.3:o:lexmark:mx91x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:mx91x:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND
cpe:2.3:o:lexmark:sm91x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:sm91x:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND
cpe:2.3:o:lexmark:x46x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x46x:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND
cpe:2.3:o:lexmark:x548_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x548:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND
cpe:2.3:o:lexmark:x65x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x65x:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND
cpe:2.3:o:lexmark:x73x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x73x:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND
cpe:2.3:o:lexmark:x74x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x74x:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND
cpe:2.3:o:lexmark:x792_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x792:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND
cpe:2.3:o:lexmark:x86x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x86x:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND
cpe:2.3:o:lexmark:x925_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x925:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND
cpe:2.3:o:lexmark:x95x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:x95x:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND
cpe:2.3:o:lexmark:xc2132_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xc2132:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND
cpe:2.3:o:lexmark:xm1145_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm1145:-:*:*:*:*:*:*:*

Configuration 42 (hide)

AND
cpe:2.3:o:lexmark:xm3150_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm3150:-:*:*:*:*:*:*:*

Configuration 43 (hide)

AND
cpe:2.3:o:lexmark:xm51xx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm51xx:-:*:*:*:*:*:*:*

Configuration 44 (hide)

AND
cpe:2.3:o:lexmark:xm71xx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xm71xx:-:*:*:*:*:*:*:*

Configuration 45 (hide)

AND
cpe:2.3:o:lexmark:xs478_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xs478:-:*:*:*:*:*:*:*

Configuration 46 (hide)

AND
cpe:2.3:o:lexmark:xs548_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xs548:-:*:*:*:*:*:*:*

Configuration 47 (hide)

AND
cpe:2.3:o:lexmark:xs79x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xs79x:-:*:*:*:*:*:*:*

Configuration 48 (hide)

AND
cpe:2.3:o:lexmark:xs925_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xs925:-:*:*:*:*:*:*:*

Configuration 49 (hide)

AND
cpe:2.3:o:lexmark:xs95x_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:lexmark:xs95x:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:56

Type Values Removed Values Added
References () http://support.lexmark.com/alerts - Vendor Advisory () http://support.lexmark.com/alerts - Vendor Advisory
References () http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US - Vendor Advisory () http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US - Vendor Advisory

Information

Published : 2020-03-10 13:15

Updated : 2024-11-21 03:56


NVD link : CVE-2018-18894

Mitre link : CVE-2018-18894

CVE.ORG link : CVE-2018-18894


JSON object : View

Products Affected

lexmark

  • xs925_firmware
  • c79x
  • xs95x
  • cs748
  • m5163_firmware
  • mx410
  • mx610_firmware
  • x73x
  • m5170_firmware
  • xs79x_firmware
  • x74x_firmware
  • cs41x_firmware
  • ms810de_firmware
  • x73x_firmware
  • ms812de
  • c748_firmware
  • mx511
  • ms610de_firmware
  • cs51x
  • mx510_firmware
  • x65x
  • mx81x_firmware
  • xm71xx
  • sm91x
  • xs478
  • xc2132_firmware
  • cs748_firmware
  • ms610de
  • sm91x_firmware
  • c79x_firmware
  • ms810de
  • c95x
  • c748
  • xm3150
  • mx6500e_firmware
  • ms91x_firmware
  • x792_firmware
  • m3150
  • mx610
  • mx510
  • x925
  • xm1145_firmware
  • mx71x
  • cs796_firmware
  • mx410_firmware
  • 6500e_firmware
  • cs796
  • cx510
  • xm51xx
  • cx410_firmware
  • x46x_firmware
  • x925_firmware
  • xs925
  • cx410
  • x548_firmware
  • xs548
  • xc2132
  • ms91x
  • mx71x_firmware
  • mx6500e
  • xm1145
  • c925
  • cs51x_firmware
  • x95x
  • xm71xx_firmware
  • xs95x_firmware
  • xs79x
  • mx81x
  • mx511_firmware
  • mx91x
  • ms610dte
  • m5155
  • x74x
  • c95x_firmware
  • ms610dte_firmware
  • c925_firmware
  • x46x
  • mx91x_firmware
  • x65x_firmware
  • x86x
  • x792
  • m3150_firmware
  • xm51xx_firmware
  • x86x_firmware
  • mx611
  • xm3150_firmware
  • cs41x
  • xs478_firmware
  • ms812de_firmware
  • x95x_firmware
  • m5170
  • cx510_firmware
  • m5163
  • 6500e
  • mx611_firmware
  • m5155_firmware
  • xs548_firmware
  • x548
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')