CVE-2018-18894

CWE-22 — Path Traversal3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 49.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lexmark 6500e Firmware Lexmark C748 Firmware Lexmark C79x Firmware +46 more

Timeline

PublishedMar 10

Latest updateMay 24

Description

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages49 packages

▶NVDlexmark/6500e_firmware< lhs60.jr.p683

▶NVDlexmark/mx6500e_firmwarelw71.jd.p216

▶NVDlexmark/c748_firmware< lhs60.cm4.p683

▶NVDlexmark/c79x_firmware< lhs60.hc.p683

▶NVDlexmark/c925_firmware< lhs60.hv.p683

🔴Vulnerability Details

GHSA

GHSA-26xq-4h5f-fhh8: Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server↗2022-05-24

▶

CVEList

CVE-2018-18894: Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server↗2020-03-10

▶