Sign-up

ID

VAR-202003-1250


CVE

CVE-2018-18894


TITLE

plural Lexmark Path traversal vulnerabilities in devices

Trust: 0.8

sources: JVNDB: JVNDB-2018-016239

DESCRIPTION

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. plural Lexmark A path traversal vulnerability exists in the device.Information may be obtained. Lexmark CX410 is a printer of Lexmark Corporation. Attackers can use this vulnerability to access sensitive files

Trust: 2.16

sources: NVD: CVE-2018-18894 // JVNDB: JVNDB-2018-016239 // CNVD: CNVD-2020-29733

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-29733

AFFECTED PRODUCTS

vendor:lexmarkmodel:cx510scope:ltversion:lw71.gm7.p216

Trust: 1.0

vendor:lexmarkmodel:xs548scope:ltversion:lhs60.vk.p683

Trust: 1.0

vendor:lexmarkmodel:ms91xscope:ltversion:lw71.sa.p216

Trust: 1.0

vendor:lexmarkmodel:mx510scope:ltversion:lw71.sb4.p216

Trust: 1.0

vendor:lexmarkmodel:xs478scope:ltversion:lhs60.ny.p683

Trust: 1.0

vendor:lexmarkmodel:6500escope:ltversion:lhs60.jr.p683

Trust: 1.0

vendor:lexmarkmodel:xs79xscope:ltversion:lhs60.mr.p683

Trust: 1.0

vendor:lexmarkmodel:c925scope:ltversion:lhs60.hv.p683

Trust: 1.0

vendor:lexmarkmodel:mx71xscope:ltversion:lw71.tu.p216

Trust: 1.0

vendor:lexmarkmodel:x74xscope:ltversion:lhs60.ny.p683

Trust: 1.0

vendor:lexmarkmodel:xm1145scope:ltversion:lw71.sb4.p216

Trust: 1.0

vendor:lexmarkmodel:x73xscope:ltversion:lr.fl.p810

Trust: 1.0

vendor:lexmarkmodel:xm71xxscope:ltversion:lw71.tu.p216

Trust: 1.0

vendor:lexmarkmodel:xm3150scope:ltversion:lw71.sb7.p216

Trust: 1.0

vendor:lexmarkmodel:m3150scope:ltversion:lw71.pr4.p216

Trust: 1.0

vendor:lexmarkmodel:x95xscope:ltversion:lhs60.tq.p683

Trust: 1.0

vendor:lexmarkmodel:mx91xscope:ltversion:lw71.mg.p216

Trust: 1.0

vendor:lexmarkmodel:x65xscope:ltversion:lr.mn.p810

Trust: 1.0

vendor:lexmarkmodel:xm51xxscope:ltversion:lw71.tu.p216

Trust: 1.0

vendor:lexmarkmodel:ms610descope:ltversion:lw71.pr4.p216

Trust: 1.0

vendor:lexmarkmodel:cs41xscope:ltversion:lw71.vy2.p216

Trust: 1.0

vendor:lexmarkmodel:cx410scope:ltversion:lw71.gm4.p216

Trust: 1.0

vendor:lexmarkmodel:ms610dtescope:ltversion:lw71.pr4.p216

Trust: 1.0

vendor:lexmarkmodel:x548scope:ltversion:lhs60.vk.p683

Trust: 1.0

vendor:lexmarkmodel:ms812descope:ltversion:lw71.dn7.p216

Trust: 1.0

vendor:lexmarkmodel:mx511scope:ltversion:lw71.sb4.p216

Trust: 1.0

vendor:lexmarkmodel:x46xscope:ltversion:lr.bs.p810

Trust: 1.0

vendor:lexmarkmodel:mx410scope:ltversion:lw71.sb4.p216

Trust: 1.0

vendor:lexmarkmodel:xs925scope:ltversion:lhs60.hk.p683

Trust: 1.0

vendor:lexmarkmodel:sm91xscope:ltversion:lw71.mg.p216

Trust: 1.0

vendor:lexmarkmodel:x792scope:ltversion:lhs60.mr.p683

Trust: 1.0

vendor:lexmarkmodel:c79xscope:ltversion:lhs60.hc.p683

Trust: 1.0

vendor:lexmarkmodel:xs95xscope:ltversion:lhs60.tq.p683

Trust: 1.0

vendor:lexmarkmodel:mx81xscope:ltversion:lw71.tu.p216

Trust: 1.0

vendor:lexmarkmodel:mx611scope:ltversion:lw71.sb7.p216

Trust: 1.0

vendor:lexmarkmodel:cs796scope:ltversion:lhs60.hc.p683

Trust: 1.0

vendor:lexmarkmodel:m5170scope:ltversion:lw71.dn7.p216

Trust: 1.0

vendor:lexmarkmodel:m5155scope:ltversion:lw71.dn4.p216

Trust: 1.0

vendor:lexmarkmodel:c748scope:ltversion:lhs60.cm4.p683

Trust: 1.0

vendor:lexmarkmodel:x925scope:ltversion:lhs60.hk.p683

Trust: 1.0

vendor:lexmarkmodel:cs51xscope:ltversion:lw71.vy4.p216

Trust: 1.0

vendor:lexmarkmodel:mx610scope:ltversion:lw71.sb7.p216

Trust: 1.0

vendor:lexmarkmodel:mx6500escope:lteversion:lw71.jd.p216

Trust: 1.0

vendor:lexmarkmodel:ms810descope:ltversion:lw71.dn4.p216

Trust: 1.0

vendor:lexmarkmodel:x86xscope:ltversion:lr.sp.p810

Trust: 1.0

vendor:lexmarkmodel:xc2132scope:ltversion:lw71.gm7.p216

Trust: 1.0

vendor:lexmarkmodel:m5163scope:ltversion:lw71.dn4.p216

Trust: 1.0

vendor:lexmarkmodel:c95xscope:ltversion:lhs60.tp.p683

Trust: 1.0

vendor:lexmarkmodel:cs748scope:lteversion:lhs60.cm4.p683

Trust: 1.0

vendor:lexmarkmodel:6500escope: - version: -

Trust: 0.8

vendor:lexmarkmodel:c748scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:c79xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:c925scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:c95xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs41xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs51xscope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs748scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs796scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cx410scope: - version: -

Trust: 0.8

vendor:lexmarkmodel:cs41x <=lw71.vy2.p215scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cs51x <=lw71.vy4.p215scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:cx410 <=lw71.gm4.p215scope: - version: -

Trust: 0.6

vendor:lexmarkmodel:m3150 lw71.pr4.p215scope:lteversion:<=

Trust: 0.6

sources: CNVD: CNVD-2020-29733 // JVNDB: JVNDB-2018-016239 // NVD: CVE-2018-18894

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18894
value: HIGH

Trust: 1.0

NVD: JVNDB-2018-016239
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-29733
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202003-402
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-18894
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2018-016239
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-29733
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-18894
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2018-016239
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-29733 // JVNDB: JVNDB-2018-016239 // CNNVD: CNNVD-202003-402 // NVD: CVE-2018-18894

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2018-016239 // NVD: CVE-2018-18894

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-402

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202003-402

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-016239

PATCH
title:Lexmark Security Advisoriesurl:https://support.lexmark.com/alerts/
Trust: 0.8
title:TE906url:http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US
Trust: 0.8
title:Patch for Multiple Lexmark product path traversal vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/218829
Trust: 0.6
title:Multiple Lexmark Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112194
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-29733 // 
            
            
            
            JVNDB: JVNDB-2018-016239 // 
            
            
            
            CNNVD: CNNVD-202003-402

EXTERNAL IDS
db:NVDid:CVE-2018-18894
Trust: 3.0
db:JVNDBid:JVNDB-2018-016239
Trust: 0.8
db:CNVDid:CNVD-2020-29733
Trust: 0.6
db:CNNVDid:CNNVD-202003-402
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-29733 // 
            
            
            
            JVNDB: JVNDB-2018-016239 // 
            
            
            
            CNNVD: CNNVD-202003-402 // 
            
            
            
            NVD: CVE-2018-18894

REFERENCES
url:https://nvd.nist.gov/vuln/detail/cve-2018-18894
Trust: 2.0
url:http://support.lexmark.com/index?page=content&id=te906&locale=en&userlocale=en_us
Trust: 1.6
url:http://support.lexmark.com/alerts
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18894
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2020-29733 // 
            
            
            
            JVNDB: JVNDB-2018-016239 // 
            
            
            
            CNNVD: CNNVD-202003-402 // 
            
            
            
            NVD: CVE-2018-18894

SOURCES
db:CNVDid:CNVD-2020-29733
db:JVNDBid:JVNDB-2018-016239
db:CNNVDid:CNNVD-202003-402
db:NVDid:CVE-2018-18894

LAST UPDATE DATE
2024-11-23T22:25:34.554000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-29733date:2020-05-25T00:00:00
db:JVNDBid:JVNDB-2018-016239date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-402date:2020-04-01T00:00:00
db:NVDid:CVE-2018-18894date:2024-11-21T03:56:50.427

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-29733date:2020-05-25T00:00:00
db:JVNDBid:JVNDB-2018-016239date:2020-04-03T00:00:00
db:CNNVDid:CNNVD-202003-402date:2020-03-10T00:00:00
db:NVDid:CVE-2018-18894date:2020-03-10T13:15:12.330