CVE-2018-18894

Q: What is the severity of CVE-2018-18894?

CVE-2018-18894 has a CVSS score of 7.5 (HIGH). This CVE describes a directory traversal vulnerability in the embedded web server of certain older Lexmark printers. Attackers can exploit this to access files outside the intended directory, potentially exposing sensitive information. Affected devices include specific Lexmark C, M, X, and 6500e series printers manufactured before December 2018.

7.5 HIGH

📋 TL;DR

This CVE describes a directory traversal vulnerability in the embedded web server of certain older Lexmark printers. Attackers can exploit this to access files outside the intended directory, potentially exposing sensitive information. Affected devices include specific Lexmark C, M, X, and 6500e series printers manufactured before December 2018.

💻 Affected Systems

Products:

Lexmark C series printers
Lexmark M series printers
Lexmark X series printers
Lexmark 6500e series printers

Versions: All versions before firmware updates released on 2018-12-18

Operating Systems: Embedded printer firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices with the embedded web server enabled (typically enabled by default).

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise allowing attackers to read sensitive configuration files, modify device settings, or potentially execute arbitrary code on the printer.

🟠

Likely Case

Unauthorized access to sensitive files containing network credentials, configuration data, or user information stored on the printer.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing external access to printer web interfaces.

🌐 Internet-Facing: HIGH - Web servers directly exposed to the internet are vulnerable to automated scanning and exploitation.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability to pivot within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Directory traversal vulnerabilities are well-understood and often exploited using simple HTTP requests with path traversal sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released on or after 2018-12-18

Vendor Advisory: http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US

Restart Required: Yes

Instructions:

1. Visit Lexmark support website. 2. Download latest firmware for your specific printer model. 3. Upload firmware via printer web interface or USB. 4. Reboot printer after installation.

🔧 Temporary Workarounds

Disable Embedded Web Server

all

Turn off the vulnerable web server component if not required for operations.

Access printer settings via control panel > Network/Ports > Embedded Web Server > Disable

Network Segmentation

all

Isolate printers on separate VLAN with restricted access.

🧯 If You Can't Patch

Implement strict network access controls to limit printer web interface access to authorized IPs only
Monitor printer network traffic for unusual HTTP requests containing directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Check printer firmware version via web interface (Settings > Reports > Configuration Report) and compare to patched versions from Lexmark advisory.

Check Version:

curl -s http://printer-ip/js/dynamic/printer.config.js | grep 'var firmwareVersion'

Verify Fix Applied:

Verify firmware version shows date after 2018-12-18 and attempt directory traversal test requests (e.g., /../../etc/passwd) which should return errors.

📡 Detection & Monitoring

Log Indicators:

HTTP requests containing '../' sequences in URLs
Access to unusual file paths in web server logs
Failed authentication attempts to printer admin interface

Network Indicators:

HTTP requests with path traversal patterns to printer IPs
Unusual outbound connections from printers

SIEM Query:

source="printer_logs" AND (url="*../*" OR status=403 OR status=404) AND dest_ip="printer_network_range"

📊 Metadata

CVE ID: CVE-2018-18894

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-22

Published: March 10, 2020

Last Updated: November 21, 2024

🔗 References

http://support.lexmark.com/alerts Vendor Advisory
http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US Vendor Advisory
http://support.lexmark.com/alerts Vendor Advisory
http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

6500e Firmware by Lexmark

C748 Firmware by Lexmark

C79x Firmware by Lexmark

C925 Firmware by Lexmark

C95x Firmware by Lexmark

Cs41x Firmware by Lexmark

Cs51x Firmware by Lexmark

Cs748 Firmware by Lexmark

Cs796 Firmware by Lexmark

Cx410 Firmware by Lexmark

Cx510 Firmware by Lexmark

M3150 Firmware by Lexmark

M5155 Firmware by Lexmark

M5163 Firmware by Lexmark

M5170 Firmware by Lexmark

Ms610de Firmware by Lexmark

Ms610dte Firmware by Lexmark

Ms810de Firmware by Lexmark

Ms812de Firmware by Lexmark

Ms91x Firmware by Lexmark

Mx410 Firmware by Lexmark

Mx510 Firmware by Lexmark

Mx511 Firmware by Lexmark

Mx610 Firmware by Lexmark

Mx611 Firmware by Lexmark

Mx6500e Firmware by Lexmark

Mx71x Firmware by Lexmark

Mx81x Firmware by Lexmark

Mx91x Firmware by Lexmark

Sm91x Firmware by Lexmark

X46x Firmware by Lexmark

X548 Firmware by Lexmark

X65x Firmware by Lexmark

X73x Firmware by Lexmark

X74x Firmware by Lexmark

X792 Firmware by Lexmark

X86x Firmware by Lexmark

X925 Firmware by Lexmark

X95x Firmware by Lexmark

Xc2132 Firmware by Lexmark

Xm1145 Firmware by Lexmark

Xm3150 Firmware by Lexmark

Xm51xx Firmware by Lexmark

Xm71xx Firmware by Lexmark

Xs478 Firmware by Lexmark

Xs548 Firmware by Lexmark

Xs79x Firmware by Lexmark

Xs925 Firmware by Lexmark

Xs95x Firmware by Lexmark