7.5
CVE-2018-18894
- EPSS 0.27%
- Veröffentlicht 10.03.2020 13:15:12
- Zuletzt bearbeitet 21.11.2024 03:56:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCertain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lexmark ≫ 6500e Firmware Version < lhs60.jr.p683
Lexmark ≫ C748 Firmware Version < lhs60.cm4.p683
Lexmark ≫ C79x Firmware Version < lhs60.hc.p683
Lexmark ≫ C925 Firmware Version < lhs60.hv.p683
Lexmark ≫ C95x Firmware Version < lhs60.tp.p683
Lexmark ≫ Cs41x Firmware Version < lw71.vy2.p216
Lexmark ≫ Cs51x Firmware Version < lw71.vy4.p216
Lexmark ≫ Cs748 Firmware Version <= lhs60.cm4.p683
Lexmark ≫ Cs796 Firmware Version < lhs60.hc.p683
Lexmark ≫ Cx410 Firmware Version < lw71.gm4.p216
Lexmark ≫ Cx510 Firmware Version < lw71.gm7.p216
Lexmark ≫ M3150 Firmware Version < lw71.pr4.p216
Lexmark ≫ M5155 Firmware Version < lw71.dn4.p216
Lexmark ≫ M5163 Firmware Version < lw71.dn4.p216
Lexmark ≫ M5170 Firmware Version < lw71.dn7.p216
Lexmark ≫ Ms610de Firmware Version < lw71.pr4.p216
Lexmark ≫ Ms610dte Firmware Version < lw71.pr4.p216
Lexmark ≫ Ms810de Firmware Version < lw71.dn4.p216
Lexmark ≫ Ms812de Firmware Version < lw71.dn7.p216
Lexmark ≫ Ms91x Firmware Version < lw71.sa.p216
Lexmark ≫ Mx410 Firmware Version < lw71.sb4.p216
Lexmark ≫ Mx510 Firmware Version < lw71.sb4.p216
Lexmark ≫ Mx511 Firmware Version < lw71.sb4.p216
Lexmark ≫ Mx610 Firmware Version < lw71.sb7.p216
Lexmark ≫ Mx611 Firmware Version < lw71.sb7.p216
Lexmark ≫ Mx6500e Firmware Version <= lw71.jd.p216
Lexmark ≫ Mx71x Firmware Version < lw71.tu.p216
Lexmark ≫ Mx81x Firmware Version < lw71.tu.p216
Lexmark ≫ Mx91x Firmware Version < lw71.mg.p216
Lexmark ≫ Sm91x Firmware Version < lw71.mg.p216
Lexmark ≫ X46x Firmware Version < lr.bs.p810
Lexmark ≫ X548 Firmware Version < lhs60.vk.p683
Lexmark ≫ X65x Firmware Version < lr.mn.p810
Lexmark ≫ X73x Firmware Version < lr.fl.p810
Lexmark ≫ X74x Firmware Version < lhs60.ny.p683
Lexmark ≫ X792 Firmware Version < lhs60.mr.p683
Lexmark ≫ X86x Firmware Version < lr.sp.p810
Lexmark ≫ X925 Firmware Version < lhs60.hk.p683
Lexmark ≫ X95x Firmware Version < lhs60.tq.p683
Lexmark ≫ Xc2132 Firmware Version < lw71.gm7.p216
Lexmark ≫ Xm1145 Firmware Version < lw71.sb4.p216
Lexmark ≫ Xm3150 Firmware Version < lw71.sb7.p216
Lexmark ≫ Xm51xx Firmware Version < lw71.tu.p216
Lexmark ≫ Xm71xx Firmware Version < lw71.tu.p216
Lexmark ≫ Xs478 Firmware Version < lhs60.ny.p683
Lexmark ≫ Xs548 Firmware Version < lhs60.vk.p683
Lexmark ≫ Xs79x Firmware Version < lhs60.mr.p683
Lexmark ≫ Xs925 Firmware Version < lhs60.hk.p683
Lexmark ≫ Xs95x Firmware Version < lhs60.tq.p683
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.475 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.