1. Home
  2. CVE Database
  3. CVE-2021-28670
CRITICAL · 9.1

CVE-2021-28670

Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveragi...

Vulnerability Description

Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
XeroxAltalink B8045 Firmware< 103.008.020.23120
XeroxAltalink B8045-
XeroxAltalink B8055 Firmware< 103.008.020.23120
XeroxAltalink B8055-
XeroxAltalink B8065 Firmware< 103.008.020.23120
XeroxAltalink B8065-
XeroxAltalink B8075 Firmware< 103.008.020.23120
XeroxAltalink B8075-
XeroxAltalink B8090 Firmware< 103.008.020.23120
XeroxAltalink B8090-
XeroxAltalink C8030 Firmware< 103.001.020.23120
XeroxAltalink C8030-
XeroxAltalink C8035 Firmware< 103.001.020.23120
XeroxAltalink C8035-
XeroxAltalink C8045 Firmware< 103.002.020.23120
XeroxAltalink C8045-
XeroxAltalink C8055 Firmware< 103.002.020.23120
XeroxAltalink C8055-
XeroxAltalink C8070 Firmware< 103.003.020.23120
XeroxAltalink C8070-

References

FAQ

What is CVE-2021-28670?

CVE-2021-28670 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveragi...

How severe is CVE-2021-28670?

CVE-2021-28670 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-28670?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Altalink B8045 Firmware, Xerox Altalink B8045, Xerox Altalink B8055 Firmware, Xerox Altalink B8055, Xerox Altalink B8065 Firmware.