CVE-2018-18894

high-risk
Published 2020-03-10

Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) contain a directory traversal vulnerability in the embedded web server.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (20)

6500E Firmware
C748 Firmware
C79X Firmware
C925 Firmware
C95X Firmware
Cs41X Firmware
Cs51X Firmware
Cs748 Firmware
Cs796 Firmware
Cx410 Firmware
Cx510 Firmware
M3150 Firmware
M5155 Firmware
M5163 Firmware
M5170 Firmware
Ms610De Firmware
Ms610Dte Firmware
Ms810De Firmware
Ms812De Firmware
Ms91X Firmware

Affected Vendors

Lexmark

References (4)

Vendor Advisory http://support.lexmark.com/alerts
Vendor Advisory http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_U...
Vendor Advisory http://support.lexmark.com/alerts
Vendor Advisory http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_U...
52
/ 100
high-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 25/34 · High