PT-2021-17894 · Xerox · Xerox Phaser 6510+14

Published: 2021-03-29 · Updated: 2021-04-05 · CVE-2021-28671

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Xerox Phaser 6510 versions 64.65.51 and 64.59.11 (Bridge) and earlier
WorkCentre 6515 versions 65.65.51 and 65.59.11 (Bridge) and earlier
VersaLink B400 versions 37.65.51 and 37.59.01 (Bridge) and earlier
VersaLink B405 versions 38.65.51 and 38.59.01 (Bridge) and earlier
VersaLink B600/B610 versions 32.65.51 and 32.59.01 (Bridge) and earlier
VersaLink B605/B615 versions 33.65.51 and 33.59.01 (Bridge) and earlier
VersaLink B7025/30/35 versions 58.65.51 and 58.59.11 (Bridge) and earlier
Xerox C400 versions 67.65.51 and 67.59.01 (Bridge) and earlier
Xerox C405 versions 68.65.51 and 68.59.01 (Bridge) and earlier
Xerox C500/C600 versions 61.65.51 and 61.59.01 (Bridge) and earlier
Xerox C505/C605 versions 62.65.51 and 62.59.01 (Bridge) and earlier
Xerox C7000 versions 56.65.51 and 56.59.01 (Bridge) and earlier
Xerox C7020/25/30 versions 57.65.51 and 57.59.01 (Bridge) and earlier
Xerox C8000/C9000 versions 70.65.51 and 70.59.01 (Bridge) and earlier
Xerox C8000W version 72.65.51 and earlier
Description: The issue is a remote Command Execution vulnerability in the Web User Interface. This allows remote attackers with a "weaponized clone file" to execute arbitrary commands.
Recommendations: Update each affected product to a version later than the one listed for it:
Xerox Phaser 6510: later than 64.65.51 and 64.59.11
WorkCentre 6515: later than 65.65.51 and 65.59.11
VersaLink B400: later than 37.65.51 and 37.59.01
VersaLink B405: later than 38.65.51 and 38.59.01
VersaLink B600/B610: later than 32.65.51 and 32.59.01
VersaLink B605/B615: later than 33.65.51 and 33.59.01
VersaLink B7025/30/35: later than 58.65.51 and 58.59.11
Xerox C400: later than 67.65.51 and 67.59.01
Xerox C405: later than 68.65.51 and 68.59.01
Xerox C500/C600: later than 61.65.51 and 61.59.01
Xerox C505/C605: later than 62.65.51 and 62.59.01
Xerox C7000: later than 56.65.51 and 56.59.01
Xerox C7020/25/30: later than 57.65.51 and 57.59.01
Xerox C8000/C9000: later than 70.65.51 and 70.59.01
Xerox C8000W: later than 72.65.51

Fix


Related Identifiers

CVE-2021-28671

Affected Products

VersaLink B400
VersaLink B405
VersaLink B600/B610
VersaLink B605/B615
VersaLink B7025/30/35
WorkCentre 6515
Xerox C400
Xerox C405
Xerox C500/C600
Xerox C505/C605
Xerox C7000
Xerox C7020/25/30
Xerox C8000/C9000
Xerox C8000W
Xerox Phaser 6510