Vulnerability Description
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lexmark | 6500E Firmware | < lhs60.jr.p683 |
| Lexmark | 6500E | - |
| Lexmark | C748 Firmware | < lhs60.cm4.p683 |
| Lexmark | C748 | - |
| Lexmark | C79X Firmware | < lhs60.hc.p683 |
| Lexmark | C79X | - |
| Lexmark | C925 Firmware | < lhs60.hv.p683 |
| Lexmark | C925 | - |
| Lexmark | C95X Firmware | < lhs60.tp.p683 |
| Lexmark | C95X | - |
| Lexmark | Cs41X Firmware | < lw71.vy2.p216 |
| Lexmark | Cs41X | - |
| Lexmark | Cs51X Firmware | < lw71.vy4.p216 |
| Lexmark | Cs51X | - |
| Lexmark | Cs748 Firmware | <= lhs60.cm4.p683 |
| Lexmark | Cs748 | - |
| Lexmark | Cs796 Firmware | < lhs60.hc.p683 |
| Lexmark | Cs796 | - |
| Lexmark | Cx410 Firmware | < lw71.gm4.p216 |
| Lexmark | Cx410 | - |
Related Weaknesses (CWE)
References
- http://support.lexmark.com/alertsVendor Advisory
- http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_UVendor Advisory
- http://support.lexmark.com/alertsVendor Advisory
- http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_UVendor Advisory
FAQ
What is CVE-2018-18894?
CVE-2018-18894 is a vulnerability with a CVSS score of 7.5 (HIGH). Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.
How severe is CVE-2018-18894?
CVE-2018-18894 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18894?
Check the references section above for vendor advisories and patch information. Affected products include: Lexmark 6500E Firmware, Lexmark 6500E, Lexmark C748 Firmware, Lexmark C748, Lexmark C79X Firmware.