PT-2021-17895 · Xerox · Xerox Phaser 6510 +14

Published: 2021-03-29 · Updated: 2021-04-05 · CVE-2021-28672

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Xerox Phaser 6510 versions 64.65.51 and 64.59.11 (Bridge) and earlier
WorkCentre 6515 versions 65.65.51 and 65.59.11 (Bridge) and earlier
VersaLink B400 versions 37.65.51 and 37.59.01 (Bridge) and earlier
VersaLink B405 versions 38.65.51 and 38.59.01 (Bridge) and earlier
VersaLink B600/B610 versions 32.65.51 and 32.59.01 (Bridge) and earlier
VersaLink B605/B615 versions 33.65.51 and 33.59.01 (Bridge) and earlier
VersaLink B7025/30/35 versions 58.65.51 and 58.59.11 (Bridge) and earlier
Xerox C400 versions 67.65.51 and 67.59.01 (Bridge) and earlier
Xerox C405 versions 68.65.51 and 68.59.01 (Bridge) and earlier
Xerox C500/C600 versions 61.65.51 and 61.59.01 (Bridge) and earlier
Xerox C505/C605 versions 62.65.51 and 62.59.01 (Bridge) and earlier
Xerox C7000 versions 56.65.51 and 56.59.01 (Bridge) and earlier
Xerox C7020/25/30 versions 57.65.51 and 57.59.01 (Bridge) and earlier
Xerox C8000/C9000 versions 70.65.51 and 70.59.01 (Bridge) and earlier
Xerox C8000W version 72.65.51 and earlier

Description: The issue allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling.

Recommendations: As a temporary workaround, consider disabling Web page parameter handling until a patch is available. Restrict access to the Web interface to minimize the risk of exploitation. Avoid using vulnerable Web page parameters in the affected devices until the issue is resolved.
Update Xerox Phaser 6510 to version 64.65.51 or later and 64.59.11 (Bridge) or later.
Update WorkCentre 6515 to version 65.65.51 or later and 65.59.11 (Bridge) or later.
Update VersaLink B400 to version 37.65.51 or later and 37.59.01 (Bridge) or later.
Update VersaLink B405 to version 38.65.51 or later and 38.59.01 (Bridge) or later.
Update VersaLink B600/B610 to version 32.65.51 or later and 32.59.01 (Bridge) or later.
Update VersaLink B605/B615 to version 33.65.51 or later and 33.59.01 (Bridge) or later.
Update VersaLink B7025/30/35 to version 58.65.51 or later and 58.59.11 (Bridge) or later.
Update Xerox C400 to version 67.65.51 or later and 67.59.01 (Bridge) or later.
Update Xerox C405 to version 68.65.51 or later and 68.59.01 (Bridge) or later.
Update Xerox C500/C600 to version 61.65.51 or later and 61.59.01 (Bridge) or later.
Update Xerox C505/C605 to version 62.65.51 or later and 62.59.01 (Bridge) or later.
Update Xerox C7000 to version 56.65.51 or later and 56.59.01 (Bridge) or later.
Update Xerox C7020/25/30 to version 57.65.51 or later and 57.59.01 (Bridge) or later.
Update Xerox C8000/C9000 to version 70.65.51 or later and 70.59.01 (Bridge) or later.
Update Xerox C8000W to version 72.65.51 or later.

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-28672

Affected Products

Versalink B400
Versalink B405
Versalink B600/B610
Versalink B605/B615
Versalink B7025/30/35
Workcentre 6515
Xerox C400
Xerox C405
Xerox C500/C600
Xerox C505/C605
Xerox C7000
Xerox C7020/25/30
Xerox C8000/C9000
Xerox C8000W
Xerox Phaser 6510