CVE-2021-28670

Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:xerox:altalink_b8045_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8045:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:xerox:altalink_b8055_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8055:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:xerox:altalink_b8065_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8065:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:xerox:altalink_b8075_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8075:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:xerox:altalink_b8090_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_b8090:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:xerox:altalink_c8030_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8030:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:xerox:altalink_c8035_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8035:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:xerox:altalink_c8045_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8045:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:xerox:altalink_c8055_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8055:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:xerox:altalink_c8070_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xerox:altalink_c8070:-:*:*:*:*:*:*:*

History

01 Apr 2021, 13:59

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.4 v3 : 9.1
CPE		cpe:2.3:o:xerox:altalink_b8045_firmware:::::::: cpe:2.3:o:xerox:altalink_b8065_firmware:::::::: cpe:2.3:o:xerox:altalink_c8035_firmware:::::::: cpe:2.3:h:xerox:altalink_b8045:-:::::::* cpe:2.3:o:xerox:altalink_c8055_firmware:::::::: cpe:2.3:h:xerox:altalink_c8055:-:::::::* cpe:2.3:h:xerox:altalink_b8075:-:::::::* cpe:2.3:o:xerox:altalink_b8090_firmware:::::::: cpe:2.3:o:xerox:altalink_c8045_firmware:::::::: cpe:2.3:o:xerox:altalink_b8055_firmware:::::::: cpe:2.3:o:xerox:altalink_b8075_firmware:::::::: cpe:2.3:h:xerox:altalink_c8035:-:::::::* cpe:2.3:o:xerox:altalink_c8070_firmware:::::::: cpe:2.3:h:xerox:altalink_b8090:-:::::::* cpe:2.3:o:xerox:altalink_c8030_firmware:::::::: cpe:2.3:h:xerox:altalink_c8070:-:::::::* cpe:2.3:h:xerox:altalink_b8055:-:::::::* cpe:2.3:h:xerox:altalink_b8065:-:::::::* cpe:2.3:h:xerox:altalink_c8030:-:::::::* cpe:2.3:h:xerox:altalink_c8045:-:::::::*
References	~~(CONFIRM) https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf -~~	(CONFIRM) https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf - Patch, Vendor Advisory

29 Mar 2021, 19:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-03-29 18:15

Updated : 2023-12-10 13:55

NVD link : CVE-2021-28670

Mitre link : CVE-2021-28670

CVE.ORG link : CVE-2021-28670

JSON object : View

Products Affected

xerox

altalink_c8030
altalink_b8045_firmware
altalink_c8070_firmware
altalink_c8035
altalink_b8065_firmware
altalink_c8045
altalink_c8055
altalink_b8075
altalink_b8055_firmware
altalink_b8065
altalink_b8090
altalink_b8075_firmware
altalink_b8045
altalink_c8030_firmware
altalink_b8055
altalink_c8035_firmware
altalink_c8055_firmware
altalink_b8090_firmware
altalink_c8070
altalink_c8045_firmware

CWE

NVD-CWE-noinfo

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-28670

9.1^/10

6.4^/10

Attach tags to `CVE-2021-28670`