CRITICAL · 9.8

CVE-2021-28671

Vulnerability Description

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 have a remote Command Execution vulnerability in the Web User Interface that allows remote attackers with "a weaponized clone file" to execute arbitrary commands.

CVSS Score

9.8 (CRITICAL)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| Xerox | Phaser 6510 Firmware | < 64.59.11 |
| Xerox | Phaser 6510 | - |
| Xerox | WorkCentre 6515 Firmware | < 65.59.11 |
| Xerox | WorkCentre 6515 | - |
| Xerox | VersaLink B400 Firmware | < 37.59.01 |
| Xerox | VersaLink B400 | - |
| Xerox | VersaLink B405 Firmware | < 38.59.01 |
| Xerox | VersaLink B405 | - |
| Xerox | VersaLink B600 Firmware | < 32.59.01 |
| Xerox | VersaLink B600 | - |
| Xerox | VersaLink B610 Firmware | < 32.59.01 |
| Xerox | VersaLink B610 | - |
| Xerox | VersaLink B605 Firmware | < 33.59.01 |
| Xerox | VersaLink B605 | - |
| Xerox | VersaLink B615 Firmware | < 33.59.01 |
| Xerox | VersaLink B615 | - |
| Xerox | VersaLink B7025 Firmware | < 58.59.11 |
| Xerox | VersaLink B7025 | - |
| Xerox | VersaLink B7030 Firmware | < 58.59.11 |
| Xerox | VersaLink B7030 | - |

References

FAQ

What is CVE-2021-28671?

CVE-2021-28671 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 ...

How severe is CVE-2021-28671?

CVE-2021-28671 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-28671?

Check the references section above for vendor advisories and patch information. Affected products include: Xerox Phaser 6510 Firmware, Xerox Phaser 6510, Xerox WorkCentre 6515 Firmware, Xerox WorkCentre 6515, Xerox VersaLink B400 Firmware.