CVE-2018-18894

HIGH | CVSS 7.5/10 | EPSS 1.65%

Last modified

CVE-2018-18894 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server. EPSS estimates a 1.65% chance of exploitation in the next 30 days.

Description

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
1.65%

73.6th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Lexmark | 6500e Firmware | < lhs60.jr.p683
Lexmark | C748 Firmware | < lhs60.cm4.p683
Lexmark | C79x Firmware | < lhs60.hc.p683
Lexmark | C925 Firmware | < lhs60.hv.p683
Lexmark | C95x Firmware | < lhs60.tp.p683
Lexmark | Cs41x Firmware | < lw71.vy2.p216
Lexmark | Cs51x Firmware | < lw71.vy4.p216
Lexmark | Cs748 Firmware | <= lhs60.cm4.p683
Lexmark | Cs796 Firmware | < lhs60.hc.p683
Lexmark | Cx410 Firmware | < lw71.gm4.p216
Lexmark | Cx510 Firmware | < lw71.gm7.p216
Lexmark | M3150 Firmware | < lw71.pr4.p216
Lexmark | M5155 Firmware | < lw71.dn4.p216
Lexmark | M5163 Firmware | < lw71.dn4.p216
Lexmark | M5170 Firmware | < lw71.dn7.p216
Lexmark | Ms610de Firmware | < lw71.pr4.p216
Lexmark | Ms610dte Firmware | < lw71.pr4.p216
Lexmark | Ms810de Firmware | < lw71.dn4.p216
Lexmark | Ms812de Firmware | < lw71.dn7.p216
Lexmark | Ms91x Firmware | < lw71.sa.p216
Lexmark | Mx410 Firmware | < lw71.sb4.p216
Lexmark | Mx510 Firmware | < lw71.sb4.p216
Lexmark | Mx511 Firmware | < lw71.sb4.p216
Lexmark | Mx610 Firmware | < lw71.sb7.p216
Lexmark | Mx611 Firmware | < lw71.sb7.p216
Lexmark | Mx6500e Firmware | <= lw71.jd.p216
Lexmark | Mx71x Firmware | < lw71.tu.p216
Lexmark | Mx81x Firmware | < lw71.tu.p216
Lexmark | Mx91x Firmware | < lw71.mg.p216
Lexmark | Sm91x Firmware | < lw71.mg.p216
Lexmark | X46x Firmware | < lr.bs.p810
Lexmark | X548 Firmware | < lhs60.vk.p683
Lexmark | X65x Firmware | < lr.mn.p810
Lexmark | X73x Firmware | < lr.fl.p810
Lexmark | X74x Firmware | < lhs60.ny.p683
Lexmark | X792 Firmware | < lhs60.mr.p683
Lexmark | X86x Firmware | < lr.sp.p810
Lexmark | X925 Firmware | < lhs60.hk.p683
Lexmark | X95x Firmware | < lhs60.tq.p683
Lexmark | Xc2132 Firmware | < lw71.gm7.p216
Lexmark | Xm1145 Firmware | < lw71.sb4.p216
Lexmark | Xm3150 Firmware | < lw71.sb7.p216
Lexmark | Xm51xx Firmware | < lw71.tu.p216
Lexmark | Xm71xx Firmware | < lw71.tu.p216
Lexmark | Xs478 Firmware | < lhs60.ny.p683
Lexmark | Xs548 Firmware | < lhs60.vk.p683
Lexmark | Xs79x Firmware | < lhs60.mr.p683
Lexmark | Xs925 Firmware | < lhs60.hk.p683
Lexmark | Xs95x Firmware | < lhs60.tq.p683

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-18894?
Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.
How severe is CVE-2018-18894?
CVE-2018-18894 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.65% probability of exploitation in the next 30 days.
How do I fix CVE-2018-18894?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST