PT-2021-17896 · Xerox · Xerox Phaser 6510 and 13 other products

Published: 2021-03-29 · Updated: 2021-04-05 · CVE-2021-28673

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
Xerox Phaser 6510 versions 64.61.23 and 64.59.11 (Bridge) and earlier
WorkCentre 6515 versions 65.61.23 and 65.59.11 (Bridge) and earlier
VersaLink B400 versions 37.61.23 and 37.59.01 (Bridge) and earlier
VersaLink B405 versions 38.61.23 and 38.59.01 (Bridge) and earlier
VersaLink B600/B610 versions 32.61.23 and 32.59.01 (Bridge) and earlier
VersaLink B605/B615 versions 33.61.23 and 33.59.01 (Bridge) and earlier
VersaLink B7025/30/35 versions 58.61.23 and 58.59.11 (Bridge) and earlier
Xerox C400 versions 67.61.23 and 67.59.01 (Bridge) and earlier
Xerox C405 versions 68.61.23 and 68.59.01 (Bridge) and earlier
Xerox C500/C600 versions 61.61.23 and 61.59.01 (Bridge) and earlier
Xerox C505/C605 versions 62.61.23 and 62.59.11 (Bridge) and earlier
Xerox C7000 versions 56.61.23 and 56.59.01 (Bridge) and earlier
Xerox C7020/25/30 versions 57.61.23 and 57.59.01 (Bridge) and earlier
Xerox C8000/C9000 versions 70.61.23 and 70.59.01 (Bridge) and earlier

Description: The issue allows remote attackers with a "weaponized clone file" to execute arbitrary commands in the Web User Interface.

Recommendations:
For Xerox Phaser 6510, update to a version later than 64.61.23 and 64.59.11 (Bridge).
For WorkCentre 6515, update to a version later than 65.61.23 and 65.59.11 (Bridge).
For VersaLink B400, update to a version later than 37.61.23 and 37.59.01 (Bridge).
For VersaLink B405, update to a version later than 38.61.23 and 38.59.01 (Bridge).
For VersaLink B600/B610, update to a version later than 32.61.23 and 32.59.01 (Bridge).
For VersaLink B605/B615, update to a version later than 33.61.23 and 33.59.01 (Bridge).
For VersaLink B7025/30/35, update to a version later than 58.61.23 and 58.59.11 (Bridge).
For Xerox C400, update to a version later than 67.61.23 and 67.59.01 (Bridge).
For Xerox C405, update to a version later than 68.61.23 and 68.59.01 (Bridge).
For Xerox C500/C600, update to a version later than 61.61.23 and 61.59.01 (Bridge).
For Xerox C505/C605, update to a version later than 62.61.23 and 62.59.11 (Bridge).
For Xerox C7000, update to a version later than 56.61.23 and 56.59.01 (Bridge).
For Xerox C7020/25/30, update to a version later than 57.61.23 and 57.59.01 (Bridge).
For Xerox C8000/C9000, update to a version later than 70.61.23 and 70.59.01 (Bridge).


Related Identifiers

CVE-2021-28673

Affected Products

VersaLink B400
VersaLink B405
VersaLink B600/B610
VersaLink B605/B615
VersaLink B7025/30/35
WorkCentre 6515
Xerox C400
Xerox C405
Xerox C500/C600
Xerox C505/C605
Xerox C7000
Xerox C7020/25/30
Xerox C8000/C9000
Xerox Phaser 6510