Vulnerability Name: CVE-2021-28673 (CCN-198992)
Assigned: 2021-03-18
Published: 2021-03-18
Updated: 2021-04-05

Summary: Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with "a weaponized clone file" to execute arbitrary commands in the Web User Interface.

CVSS v3 Severity:

9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-28673

Source: XF
Type: UNKNOWN
xerox-cve202128673-cmd-exec(198992)

Source: CCN
Type: Xerox Mini Bulletin XRX20K
Xerox Phaser

Source: CONFIRM
Type: Vendor Advisory
https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20K_for_PH6510_WC6515_VLB4xx_C4xx_B6XX_B70xx_C5xx_C6xx_C7xxx.pdf

Vulnerable Configuration:

Configuration 1: cpe:/o:xerox:phaser_6510_firmware:*:*:*:*:*:*:*:* (Version < 64.59.11) AND cpe:/h:xerox:phaser_6510:-:*:*:*:*:*:*:*
Configuration 2: cpe:/o:xerox:workcentre_6515_firmware:*:*:*:*:*:*:*:* (Version < 65.59.11) AND cpe:/h:xerox:workcentre_6515:-:*:*:*:*:*:*:*
Configuration 3: cpe:/o:xerox:versalink_b400_firmware:*:*:*:*:*:*:*:* (Version < 37.59.01) AND cpe:/h:xerox:versalink_b400:-:*:*:*:*:*:*:*
Configuration 4: cpe:/o:xerox:versalink_b405_firmware:*:*:*:*:*:*:*:* (Version < 38.59.01) AND cpe:/h:xerox:versalink_b405:-:*:*:*:*:*:*:*
Configuration 5: cpe:/o:xerox:versalink_b600_firmware:*:*:*:*:*:*:*:* (Version < 32.59.01) AND cpe:/h:xerox:versalink_b600:-:*:*:*:*:*:*:*
Configuration 6: cpe:/o:xerox:versalink_b610_firmware:*:*:*:*:*:*:*:* (Version < 32.59.01) AND cpe:/h:xerox:versalink_b610:-:*:*:*:*:*:*:*
Configuration 7: cpe:/o:xerox:versalink_b605_firmware:*:*:*:*:*:*:*:* (Version < 33.59.01) AND cpe:/h:xerox:versalink_b605:-:*:*:*:*:*:*:*
Configuration 8: cpe:/o:xerox:versalink_b615_firmware:*:*:*:*:*:*:*:* (Version < 33.59.01) AND cpe:/h:xerox:versalink_b615:-:*:*:*:*:*:*:*
Configuration 9: cpe:/o:xerox:versalink_b7025_firmware:*:*:*:*:*:*:*:* (Version < 58.59.11) AND cpe:/h:xerox:versalink_b7025:-:*:*:*:*:*:*:*
Configuration 10: cpe:/o:xerox:versalink_b7030_firmware:*:*:*:*:*:*:*:* (Version < 58.61.23) AND cpe:/h:xerox:versalink_b7030:-:*:*:*:*:*:*:*
Configuration 11: cpe:/o:xerox:versalink_b7035_firmware:*:*:*:*:*:*:*:* (Version < 58.59.11) AND cpe:/h:xerox:versalink_b7035:-:*:*:*:*:*:*:*
Configuration 12: cpe:/o:xerox:versalink_c400_firmware:*:*:*:*:*:*:*:* (Version < 67.59.01) AND cpe:/h:xerox:versalink_c400:-:*:*:*:*:*:*:*
Configuration 13: cpe:/o:xerox:versalink_c405_firmware:*:*:*:*:*:*:*:* (Version < 68.59.01) AND cpe:/h:xerox:versalink_c405:-:*:*:*:*:*:*:*
Configuration 14: cpe:/o:xerox:versalink_c500_firmware:*:*:*:*:*:*:*:* (Version < 61.59.01) AND cpe:/h:xerox:versalink_c500:-:*:*:*:*:*:*:*
Configuration 15: cpe:/o:xerox:versalink_c600_firmware:*:*:*:*:*:*:*:* (Version < 61.59.01) AND cpe:/h:xerox:versalink_c600:-:*:*:*:*:*:*:*
Configuration 16: cpe:/o:xerox:versalink_c505_firmware:*:*:*:*:*:*:*:* (Version < 62.59.11) AND cpe:/h:xerox:versalink_c505:-:*:*:*:*:*:*:*
Configuration 17: cpe:/o:xerox:versalink_c605_firmware:*:*:*:*:*:*:*:* (Version < 62.59.11) AND cpe:/h:xerox:versalink_c605:-:*:*:*:*:*:*:*
Configuration 18: cpe:/o:xerox:versalink_c7000_firmware:*:*:*:*:*:*:*:* (Version < 56.59.01) AND cpe:/h:xerox:versalink_c7000:-:*:*:*:*:*:*:*
Configuration 19: cpe:/o:xerox:versalink_c7020_firmware:*:*:*:*:*:*:*:* (Version < 57.59.01) AND cpe:/h:xerox:versalink_c7020:-:*:*:*:*:*:*:*
Configuration 20: cpe:/o:xerox:versalink_c7025_firmware:*:*:*:*:*:*:*:* (Version < 57.59.01) AND cpe:/h:xerox:versalink_c7025:-:*:*:*:*:*:*:*
Configuration 21: cpe:/o:xerox:versalink_c7030_firmware:*:*:*:*:*:*:*:* (Version < 57.59.01) AND cpe:/h:xerox:versalink_c7030:-:*:*:*:*:*:*:*
Configuration 22: cpe:/o:xerox:versalink_c8000_firmware:*:*:*:*:*:*:*:* (Version < 70.59.01) AND cpe:/h:xerox:versalink_c8000:-:*:*:*:*:*:*:*
Configuration 23: cpe:/o:xerox:versalink_c9000_firmware:*:*:*:*:*:*:*:* (Version < 70.59.01) AND cpe:/h:xerox:versalink_c9000:-:*:*:*:*:*:*:*
Configuration 24: cpe:/o:xerox:phaser_6510_firmware:*:*:*:*:*:*:*:* (Version < 64.61.23) AND cpe:/h:xerox:phaser_6510:-:*:*:*:*:*:*:*
Configuration 25: cpe:/o:xerox:workcentre_6515_firmware:*:*:*:*:*:*:*:* (Version < 65.61.23) AND cpe:/h:xerox:workcentre_6515:-:*:*:*:*:*:*:*
Configuration 26: cpe:/o:xerox:versalink_b400_firmware:*:*:*:*:*:*:*:* (Version < 37.61.23) AND cpe:/h:xerox:versalink_b400:-:*:*:*:*:*:*:*
Configuration 27: cpe:/o:xerox:versalink_b405_firmware:*:*:*:*:*:*:*:* (Version < 38.61.23) AND cpe:/h:xerox:versalink_b405:-:*:*:*:*:*:*:*
Configuration 28: cpe:/o:xerox:versalink_b610_firmware:*:*:*:*:*:*:*:* (Version < 32.61.23) AND cpe:/h:xerox:versalink_b610:-:*:*:*:*:*:*:*
Configuration 29: cpe:/o:xerox:versalink_b605_firmware:*:*:*:*:*:*:*:* (Version < 33.61.23) AND cpe:/h:xerox:versalink_b605:-:*:*:*:*:*:*:*
Configuration 30: cpe:/o:xerox:versalink_b615_firmware:*:*:*:*:*:*:*:* (Version < 33.61.23) AND cpe:/h:xerox:versalink_b615:-:*:*:*:*:*:*:*
Configuration 31: cpe:/o:xerox:versalink_b7025_firmware:*:*:*:*:*:*:*:* (Version < 58.61.23) AND cpe:/h:xerox:versalink_b7025:-:*:*:*:*:*:*:*
Configuration 32: cpe:/o:xerox:versalink_c400_firmware:*:*:*:*:*:*:*:* (Version < 67.61.23) AND cpe:/h:xerox:versalink_c400:-:*:*:*:*:*:*:*
Configuration 33: cpe:/o:xerox:versalink_c405_firmware:*:*:*:*:*:*:*:* (Version < 68.61.23) AND cpe:/h:xerox:versalink_c405:-:*:*:*:*:*:*:*
Configuration 34: cpe:/o:xerox:versalink_c500_firmware:*:*:*:*:*:*:*:* (Version < 61.61.23) AND cpe:/h:xerox:versalink_c500:-:*:*:*:*:*:*:*
Configuration 35: cpe:/o:xerox:versalink_c600_firmware:*:*:*:*:*:*:*:* (Version < 61.61.23) AND cpe:/h:xerox:versalink_c600:-:*:*:*:*:*:*:*
Configuration 36: cpe:/o:xerox:versalink_c505_firmware:*:*:*:*:*:*:*:* (Version < 62.61.23) AND cpe:/h:xerox:versalink_c505:-:*:*:*:*:*:*:*
Configuration 37: cpe:/o:xerox:versalink_c605_firmware:*:*:*:*:*:*:*:* (Version < 62.61.23) AND cpe:/h:xerox:versalink_c605:-:*:*:*:*:*:*:*
Configuration 38: cpe:/o:xerox:versalink_c7000_firmware:*:*:*:*:*:*:*:* (Version < 56.61.23) AND cpe:/h:xerox:versalink_c7000:-:*:*:*:*:*:*:*
Configuration 39: cpe:/o:xerox:versalink_c7020_firmware:*:*:*:*:*:*:*:* (Version < 57.61.23) AND cpe:/h:xerox:versalink_c7020:-:*:*:*:*:*:*:*
Configuration 40: cpe:/o:xerox:versalink_c7025_firmware:*:*:*:*:*:*:*:* (Version < 57.61.23) AND cpe:/h:xerox:versalink_c7025:-:*:*:*:*:*:*:*
Configuration 41: cpe:/o:xerox:versalink_c7030_firmware:*:*:*:*:*:*:*:* (Version < 57.61.23) AND cpe:/h:xerox:versalink_c7030:-:*:*:*:*:*:*:*
Configuration 42: cpe:/o:xerox:versalink_c8000_firmware:*:*:*:*:*:*:*:* (Version < 70.61.23) AND cpe:/h:xerox:versalink_c8000:-:*:*:*:*:*:*:*
Configuration 43: cpe:/o:xerox:versalink_c9000_firmware:*:*:*:*:*:*:*:* (Version < 70.61.23) AND cpe:/h:xerox:versalink_c9000:-:*:*:*:*:*:*:*
Configuration 44: cpe:/o:xerox:versalink_b600_firmware:*:*:*:*:*:*:*:* (Version < 32.61.23) AND cpe:/h:xerox:versalink_b600:-:*:*:*:*:*:*:*
Configuration 45: cpe:/o:xerox:versalink_b7030_firmware:*:*:*:*:*:*:*:* (Version < 58.61.23) AND cpe:/h:xerox:versalink_b7030:-:*:*:*:*:*:*:*
Configuration 46: cpe:/o:xerox:versalink_b7035_firmware:*:*:*:*:*:*:*:* (Version < 58.61.23) AND cpe:/h:xerox:versalink_b7035:-:*:*:*:*:*:*:*

Denotes that component is vulnerable
xerox phaser 6510 firmware *
xerox phaser 6510 -
xerox workcentre 6515 firmware *
xerox workcentre 6515 -
xerox versalink b400 firmware *
xerox versalink b400 -
xerox versalink b405 firmware *
xerox versalink b405 -
xerox versalink b600 firmware *
xerox versalink b600 -
xerox versalink b610 firmware *
xerox versalink b610 -
xerox versalink b605 firmware *
xerox versalink b605 -
xerox versalink b615 firmware *
xerox versalink b615 -
xerox versalink b7025 firmware *
xerox versalink b7025 -
xerox versalink b7030 firmware *
xerox versalink b7030 -
xerox versalink b7035 firmware *
xerox versalink b7035 -
xerox versalink c400 firmware *
xerox versalink c400 -
xerox versalink c405 firmware *
xerox versalink c405 -
xerox versalink c500 firmware *
xerox versalink c500 -
xerox versalink c600 firmware *
xerox versalink c600 -
xerox versalink c505 firmware *
xerox versalink c505 -
xerox versalink c605 firmware *
xerox versalink c605 -
xerox versalink c7000 firmware *
xerox versalink c7000 -
xerox versalink c7020 firmware *
xerox versalink c7020 -
xerox versalink c7025 firmware *
xerox versalink c7025 -
xerox versalink c7030 firmware *
xerox versalink c7030 -
xerox versalink c8000 firmware *
xerox versalink c8000 -
xerox versalink c9000 firmware *
xerox versalink c9000 -