lexmark 6500e_firmware 对路径名的限制不恰当(路径遍历)
CVE编号
CVE-2018-18894利用情况
暂无补丁情况
N/A披露时间
2020-03-11漏洞描述
Lexmark CX410等都是美国利盟(Lexmark)公司的一款打印机。 多款Lexmark产品中存在路径遍历漏洞。攻击者可利用该漏洞访问敏感的文件。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US
参考链接 |
|
|---|---|
| http://support.lexmark.com/alerts | |
| http://support.lexmark.com/index?page=content&id=TE906&locale=EN&userlocale=EN_US |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | lexmark | 6500e_firmware | * | Up to (excluding) lhs60.jr.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | c748_firmware | * | Up to (excluding) lhs60.cm4.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | c79x_firmware | * | Up to (excluding) lhs60.hc.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | c925_firmware | * | Up to (excluding) lhs60.hv.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | c95x_firmware | * | Up to (excluding) lhs60.tp.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | cs41x_firmware | * | Up to (excluding) lw71.vy2.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | cs51x_firmware | * | Up to (excluding) lw71.vy4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | cs748_firmware | * | Up to (including) lhs60.cm4.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | cs796_firmware | * | Up to (excluding) lhs60.hc.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | cx410_firmware | * | Up to (excluding) lw71.gm4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | cx510_firmware | * | Up to (excluding) lw71.gm7.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | m3150_firmware | * | Up to (excluding) lw71.pr4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | m5155_firmware | * | Up to (excluding) lw71.dn4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | m5163_firmware | * | Up to (excluding) lw71.dn4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | m5170_firmware | * | Up to (excluding) lw71.dn7.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | ms610de_firmware | * | Up to (excluding) lw71.pr4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | ms610dte_firmware | * | Up to (excluding) lw71.pr4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | ms810de_firmware | * | Up to (excluding) lw71.dn4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | ms812de_firmware | * | Up to (excluding) lw71.dn7.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | ms91x_firmware | * | Up to (excluding) lw71.sa.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx410_firmware | * | Up to (excluding) lw71.sb4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx510_firmware | * | Up to (excluding) lw71.sb4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx511_firmware | * | Up to (excluding) lw71.sb4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx610_firmware | * | Up to (excluding) lw71.sb7.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx611_firmware | * | Up to (excluding) lw71.sb7.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx6500e_firmware | * | Up to (including) lw71.jd.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx71x_firmware | * | Up to (excluding) lw71.tu.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx81x_firmware | * | Up to (excluding) lw71.tu.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | mx91x_firmware | * | Up to (excluding) lw71.mg.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | sm91x_firmware | * | Up to (excluding) lw71.mg.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x46x_firmware | * | Up to (excluding) lr.bs.p810 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x548_firmware | * | Up to (excluding) lhs60.vk.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x65x_firmware | * | Up to (excluding) lr.mn.p810 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x73x_firmware | * | Up to (excluding) lr.fl.p810 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x74x_firmware | * | Up to (excluding) lhs60.ny.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x792_firmware | * | Up to (excluding) lhs60.mr.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x86x_firmware | * | Up to (excluding) lr.sp.p810 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x925_firmware | * | Up to (excluding) lhs60.hk.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | x95x_firmware | * | Up to (excluding) lhs60.tq.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xc2132_firmware | * | Up to (excluding) lw71.gm7.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xm1145_firmware | * | Up to (excluding) lw71.sb4.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xm3150_firmware | * | Up to (excluding) lw71.sb7.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xm51xx_firmware | * | Up to (excluding) lw71.tu.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xm71xx_firmware | * | Up to (excluding) lw71.tu.p216 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xs478_firmware | * | Up to (excluding) lhs60.ny.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xs548_firmware | * | Up to (excluding) lhs60.vk.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xs79x_firmware | * | Up to (excluding) lhs60.mr.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xs925_firmware | * | Up to (excluding) lhs60.hk.p683 | |||||
| 运行在以下环境 | |||||||||
| 系统 | lexmark | xs95x_firmware | * | Up to (excluding) lhs60.tq.p683 | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | 6500e | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | c748 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | c79x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | c925 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | c95x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | cs41x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | cs51x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | cs748 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | cs796 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | cx410 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | cx510 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | m3150 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | m5155 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | m5163 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | m5170 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | ms610de | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | ms610dte | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | ms810de | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | ms812de | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | ms91x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx410 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx510 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx511 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx610 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx611 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx6500e | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx71x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx81x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | mx91x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | sm91x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x46x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x548 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x65x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x73x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x74x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x792 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x86x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x925 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | x95x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xc2132 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xm1145 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xm3150 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xm51xx | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xm71xx | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xs478 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xs548 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xs79x | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xs925 | - | - | |||||
| 运行在以下环境 | |||||||||
| 硬件 | lexmark | xs95x | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 无
- 保密性 高
- 完整性 无
| CWE-ID | 漏洞类型 |
| CWE-22 | 对路径名的限制不恰当(路径遍历) |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论