Vulnerability Name: CVE-2021-28671 (CCN-198994)
Assigned: 2021-03-18
Published: 2021-03-18
Updated: 2021-04-05
Summary: Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 have a remote Command Execution vulnerability in the Web User Interface that allows remote attackers with "a weaponized clone file" to execute arbitrary commands.

CVSS v3 Severity:
9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

CVSS v2 Severity:
7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete

Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access

References:
Source: MITRE; Type: CNA; CVE-2021-28671
Source: XF; Type: UNKNOWN; xerox-cve202128671-cmd-exec(198994)
Source: CCN; Type: Xerox Mini Bulletin XRX21D; Xerox Phaser
Source: CONFIRM; Type: Vendor Advisory; https://securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX21D_for_PH6510_WC6515_VersaLink-1.pdf

Vulnerable Configuration:
Configuration 1: cpe:/o:xerox:phaser_6510_firmware:*:*:*:*:*:*:*:* (Version < 64.59.11) AND cpe:/h:xerox:phaser_6510:-:*:*:*:*:*:*:*
Configuration 2: cpe:/o:xerox:workcentre_6515_firmware:*:*:*:*:*:*:*:* (Version < 65.59.11) AND cpe:/h:xerox:workcentre_6515:-:*:*:*:*:*:*:*
Configuration 3: cpe:/o:xerox:versalink_b400_firmware:*:*:*:*:*:*:*:* (Version < 37.59.01) AND cpe:/h:xerox:versalink_b400:-:*:*:*:*:*:*:*
Configuration 4: cpe:/o:xerox:versalink_b405_firmware:*:*:*:*:*:*:*:* (Version < 38.59.01) AND cpe:/h:xerox:versalink_b405:-:*:*:*:*:*:*:*
Configuration 5: cpe:/o:xerox:versalink_b600_firmware:*:*:*:*:*:*:*:* (Version < 32.59.01) AND cpe:/h:xerox:versalink_b600:-:*:*:*:*:*:*:*
Configuration 6: cpe:/o:xerox:versalink_b610_firmware:*:*:*:*:*:*:*:* (Version < 32.59.01) AND cpe:/h:xerox:versalink_b610:-:*:*:*:*:*:*:*
Configuration 7: cpe:/o:xerox:versalink_b605_firmware:*:*:*:*:*:*:*:* (Version < 33.59.01) AND cpe:/h:xerox:versalink_b605:-:*:*:*:*:*:*:*
Configuration 8: cpe:/o:xerox:versalink_b615_firmware:*:*:*:*:*:*:*:* (Version < 33.59.01) AND cpe:/h:xerox:versalink_b615:-:*:*:*:*:*:*:*
Configuration 9: cpe:/o:xerox:versalink_b7025_firmware:*:*:*:*:*:*:*:* (Version < 58.59.11) AND cpe:/h:xerox:versalink_b7025:-:*:*:*:*:*:*:*
Configuration 10: cpe:/o:xerox:versalink_b7030_firmware:*:*:*:*:*:*:*:* (Version < 58.59.11) AND cpe:/h:xerox:versalink_b7030:-:*:*:*:*:*:*:*
Configuration 11: cpe:/o:xerox:versalink_b7035_firmware:*:*:*:*:*:*:*:* (Version < 58.59.11) AND cpe:/h:xerox:versalink_b7035:-:*:*:*:*:*:*:*
Configuration 12: cpe:/o:xerox:versalink_c400_firmware:*:*:*:*:*:*:*:* (Version < 67.59.01) AND cpe:/h:xerox:versalink_c400:-:*:*:*:*:*:*:*
Configuration 13: cpe:/o:xerox:versalink_c405_firmware:*:*:*:*:*:*:*:* (Version < 68.59.01) AND cpe:/h:xerox:versalink_c405:-:*:*:*:*:*:*:*
Configuration 14: cpe:/o:xerox:versalink_c500_firmware:*:*:*:*:*:*:*:* (Version < 61.59.01) AND cpe:/h:xerox:versalink_c500:-:*:*:*:*:*:*:*
Configuration 15: cpe:/o:xerox:versalink_c600_firmware:*:*:*:*:*:*:*:* (Version < 61.59.01) AND cpe:/h:xerox:versalink_c600:-:*:*:*:*:*:*:*
Configuration 16: cpe:/o:xerox:versalink_c505_firmware:*:*:*:*:*:*:*:* (Version < 62.59.01) AND cpe:/h:xerox:versalink_c505:-:*:*:*:*:*:*:*
Configuration 17: cpe:/o:xerox:versalink_c605_firmware:*:*:*:*:*:*:*:* (Version < 62.59.01) AND cpe:/h:xerox:versalink_c605:-:*:*:*:*:*:*:*
Configuration 18: cpe:/o:xerox:versalink_c7000_firmware:*:*:*:*:*:*:*:* (Version < 56.59.01) AND cpe:/h:xerox:versalink_c7000:-:*:*:*:*:*:*:*
Configuration 19: cpe:/o:xerox:versalink_c7020_firmware:*:*:*:*:*:*:*:* (Version < 57.59.01) AND cpe:/h:xerox:versalink_c7020:-:*:*:*:*:*:*:*
Configuration 20: cpe:/o:xerox:versalink_c7025_firmware:*:*:*:*:*:*:*:* (Version < 57.59.01) AND cpe:/h:xerox:versalink_c7025:-:*:*:*:*:*:*:*
Configuration 21: cpe:/o:xerox:versalink_c7030_firmware:*:*:*:*:*:*:*:* (Version < 57.59.01) AND cpe:/h:xerox:versalink_c7030:-:*:*:*:*:*:*:*
Configuration 22: cpe:/o:xerox:versalink_c8000_firmware:*:*:*:*:*:*:*:* (Version < 70.59.01) AND cpe:/h:xerox:versalink_c8000:-:*:*:*:*:*:*:*
Configuration 23: cpe:/o:xerox:versalink_c9000_firmware:*:*:*:*:*:*:*:* (Version < 70.59.01) AND cpe:/h:xerox:versalink_c9000:-:*:*:*:*:*:*:*
Configuration 24: cpe:/o:xerox:phaser_6510_firmware:*:*:*:*:*:*:*:* (Version < 64.65.51) AND cpe:/h:xerox:phaser_6510:-:*:*:*:*:*:*:*
Configuration 25: cpe:/o:xerox:workcentre_6515_firmware:*:*:*:*:*:*:*:* (Version < 65.65.51) AND cpe:/h:xerox:workcentre_6515:-:*:*:*:*:*:*:*
Configuration 26: cpe:/o:xerox:versalink_b400_firmware:*:*:*:*:*:*:*:* (Version < 37.65.51) AND cpe:/h:xerox:versalink_b400:-:*:*:*:*:*:*:*
Configuration 27: cpe:/o:xerox:versalink_b405_firmware:*:*:*:*:*:*:*:* (Version < 38.65.51) AND cpe:/h:xerox:versalink_b405:-:*:*:*:*:*:*:*
Configuration 28: cpe:/o:xerox:versalink_b610_firmware:*:*:*:*:*:*:*:* (Version < 32.65.51) AND cpe:/h:xerox:versalink_b610:-:*:*:*:*:*:*:*
Configuration 29: cpe:/o:xerox:versalink_b605_firmware:*:*:*:*:*:*:*:* (Version < 33.65.51) AND cpe:/h:xerox:versalink_b605:-:*:*:*:*:*:*:*
Configuration 30: cpe:/o:xerox:versalink_b615_firmware:*:*:*:*:*:*:*:* (Version < 33.65.51) AND cpe:/h:xerox:versalink_b615:-:*:*:*:*:*:*:*
Configuration 31: cpe:/o:xerox:versalink_b7025_firmware:*:*:*:*:*:*:*:* (Version < 58.65.51) AND cpe:/h:xerox:versalink_b7025:-:*:*:*:*:*:*:*
Configuration 32: cpe:/o:xerox:versalink_c400_firmware:*:*:*:*:*:*:*:* (Version < 67.65.51) AND cpe:/h:xerox:versalink_c400:-:*:*:*:*:*:*:*
Configuration 33: cpe:/o:xerox:versalink_c405_firmware:*:*:*:*:*:*:*:* (Version < 68.65.51) AND cpe:/h:xerox:versalink_c405:-:*:*:*:*:*:*:*
Configuration 34: cpe:/o:xerox:versalink_c500_firmware:*:*:*:*:*:*:*:* (Version < 61.65.51) AND cpe:/h:xerox:versalink_c500:-:*:*:*:*:*:*:*
Configuration 35: cpe:/o:xerox:versalink_c600_firmware:*:*:*:*:*:*:*:* (Version < 61.65.51) AND cpe:/h:xerox:versalink_c600:-:*:*:*:*:*:*:*
Configuration 36: cpe:/o:xerox:versalink_c505_firmware:*:*:*:*:*:*:*:* (Version < 62.65.51) AND cpe:/h:xerox:versalink_c505:-:*:*:*:*:*:*:*
Configuration 37: cpe:/o:xerox:versalink_c605_firmware:*:*:*:*:*:*:*:* (Version < 62.65.51) AND cpe:/h:xerox:versalink_c605:-:*:*:*:*:*:*:*
Configuration 38: cpe:/o:xerox:versalink_c7000_firmware:*:*:*:*:*:*:*:* (Version < 56.65.51) AND cpe:/h:xerox:versalink_c7000:-:*:*:*:*:*:*:*
Configuration 39: cpe:/o:xerox:versalink_c7020_firmware:*:*:*:*:*:*:*:* (Version < 57.65.51) AND cpe:/h:xerox:versalink_c7020:-:*:*:*:*:*:*:*
Configuration 40: cpe:/o:xerox:versalink_c7025_firmware:*:*:*:*:*:*:*:* (Version < 57.65.51) AND cpe:/h:xerox:versalink_c7025:-:*:*:*:*:*:*:*
Configuration 41: cpe:/o:xerox:versalink_c7030_firmware:*:*:*:*:*:*:*:* (Version < 57.65.51) AND cpe:/h:xerox:versalink_c7030:-:*:*:*:*:*:*:*
Configuration 42: cpe:/o:xerox:versalink_c8000_firmware:*:*:*:*:*:*:*:* (Version < 70.65.51) AND cpe:/h:xerox:versalink_c8000:-:*:*:*:*:*:*:*
Configuration 43: cpe:/o:xerox:versalink_c9000_firmware:*:*:*:*:*:*:*:* (Version < 70.65.51) AND cpe:/h:xerox:versalink_c9000:-:*:*:*:*:*:*:*
Configuration 44: cpe:/o:xerox:versalink_c8000w_firmware:*:*:*:*:*:*:*:* (Version < 72.65.51) AND cpe:/h:xerox:versalink_c8000w:-:*:*:*:*:*:*:*
Configuration 45: cpe:/o:xerox:versalink_b600_firmware:*:*:*:*:*:*:*:* (Version < 32.65.51) AND cpe:/h:xerox:versalink_b600:-:*:*:*:*:*:*:*
Configuration 46: cpe:/o:xerox:versalink_b7030_firmware:*:*:*:*:*:*:*:* (Version < 58.65.51) AND cpe:/h:xerox:versalink_b7030:-:*:*:*:*:*:*:*
Configuration 47: cpe:/o:xerox:versalink_b7035_firmware:*:*:*:*:*:*:*:* (Version < 58.65.51) AND cpe:/h:xerox:versalink_b7035:-:*:*:*:*:*:*:*

xerox phaser 6510 firmware *
xerox phaser 6510 -
xerox workcentre 6515 firmware *
xerox workcentre 6515 -
xerox versalink b400 firmware *
xerox versalink b400 -
xerox versalink b405 firmware *
xerox versalink b405 -
xerox versalink b600 firmware *
xerox versalink b600 -
xerox versalink b610 firmware *
xerox versalink b610 -
xerox versalink b605 firmware *
xerox versalink b605 -
xerox versalink b615 firmware *
xerox versalink b615 -
xerox versalink b7025 firmware *
xerox versalink b7025 -
xerox versalink b7030 firmware *
xerox versalink b7030 -
xerox versalink b7035 firmware *
xerox versalink b7035 -
xerox versalink c400 firmware *
xerox versalink c400 -
xerox versalink c405 firmware *
xerox versalink c405 -
xerox versalink c500 firmware *
xerox versalink c500 -
xerox versalink c600 firmware *
xerox versalink c600 -
xerox versalink c505 firmware *
xerox versalink c505 -
xerox versalink c605 firmware *
xerox versalink c605 -
xerox versalink c7000 firmware *
xerox versalink c7000 -
xerox versalink c7020 firmware *
xerox versalink c7020 -
xerox versalink c7025 firmware *
xerox versalink c7025 -
xerox versalink c7030 firmware *
xerox versalink c7030 -
xerox versalink c8000 firmware *
xerox versalink c8000 -
xerox versalink c9000 firmware *
xerox versalink c9000 -
xerox versalink c8000w firmware *
xerox versalink c8000w -