Lucene search

[email protected]CVE-2021-28672

HistoryMar 29, 2021 - 9:15 p.m.

CVE-2021-28672

2021-03-2921:15:13

CWE-120

[email protected]

web.nvd.nist.gov

cve-2021-28672

xerox

phaser

workcentre

versalink

rce

vulnerability

buffer overflow

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling.

Affected configurations

NVD

Node

xeroxphaser_6510_firmwareRange<64.59.11

AND

xeroxphaser_6510Match-

Node

xeroxworkcentre_6515_firmwareRange<65.59.11

AND

xeroxworkcentre_6515Match-

Node

xeroxversalink_b400_firmwareRange<37.59.01

AND

xeroxversalink_b400Match-

Node

xeroxversalink_b405_firmwareRange<38.59.01

AND

xeroxversalink_b405Match-

Node

xeroxversalink_b600_firmwareRange<32.59.01

AND

xeroxversalink_b600Match-

Node

xeroxversalink_b610_firmwareRange<32.59.01

AND

xeroxversalink_b610Match-

Node

xeroxversalink_b605_firmwareRange<33.59.01

AND

xeroxversalink_b605Match-

Node

xeroxversalink_b615_firmwareRange<33.59.01

AND

xeroxversalink_b615Match-

Node

xeroxversalink_b7025_firmwareRange<58.59.11

AND

xeroxversalink_b7025Match-

Node

xeroxversalink_b7030_firmwareRange<58.59.11

AND

xeroxversalink_b7030Match-

Node

xeroxversalink_b7035_firmwareRange<58.59.11

AND

xeroxversalink_b7035Match-

Node

xeroxversalink_c400_firmwareRange<67.59.01

AND

xeroxversalink_c400Match-

Node

xeroxversalink_c405_firmwareRange<68.59.01

AND

xeroxversalink_c405Match-

Node

xeroxversalink_c500_firmwareRange<61.59.01

AND

xeroxversalink_c500Match-

Node

xeroxversalink_c600_firmwareRange<61.59.01

AND

xeroxversalink_c600Match-

Node

xeroxversalink_c505_firmwareRange<62.59.01

AND

xeroxversalink_c505Match-

Node

xeroxversalink_c605_firmwareRange<62.59.01

AND

xeroxversalink_c605Match-

Node

xeroxversalink_c7000_firmwareRange<56.59.01

AND

xeroxversalink_c7000Match-

Node

xeroxversalink_c7020_firmwareRange<57.59.01

AND

xeroxversalink_c7020Match-

Node

xeroxversalink_c7025_firmwareRange<57.59.01

AND

xeroxversalink_c7025Match-

Node

xeroxversalink_c7030_firmwareRange<57.59.01

AND

xeroxversalink_c7030Match-

Node

xeroxversalink_c8000_firmwareRange<70.59.01

AND

xeroxversalink_c8000Match-

Node

xeroxversalink_c9000_firmwareRange<70.59.01

AND

xeroxversalink_c9000Match-

Node

xeroxphaser_6510_firmwareRange<64.65.51

AND

xeroxphaser_6510Match-

Node

xeroxworkcentre_6515_firmwareRange<65.65.51

AND

xeroxworkcentre_6515Match-

Node

xeroxversalink_b400_firmwareRange<37.65.51

AND

xeroxversalink_b400Match-

Node

xeroxversalink_b405_firmwareRange<38.65.51

AND

xeroxversalink_b405Match-

Node

xeroxversalink_b610_firmwareRange<32.65.51

AND

xeroxversalink_b610Match-

Node

xeroxversalink_b605_firmwareRange<33.65.51

AND

xeroxversalink_b605Match-

Node

xeroxversalink_b615_firmwareRange<33.65.51

AND

xeroxversalink_b615Match-

Node

xeroxversalink_b7025_firmwareRange<58.65.51

AND

xeroxversalink_b7025Match-

Node

xeroxversalink_c400_firmwareRange<67.65.51

AND

xeroxversalink_c400Match-

Node

xeroxversalink_c405_firmwareRange<68.65.51

AND

xeroxversalink_c405Match-

Node

xeroxversalink_c500_firmwareRange<61.65.51

AND

xeroxversalink_c500Match-

Node

xeroxversalink_c600_firmwareRange<61.65.51

AND

xeroxversalink_c600Match-

Node

xeroxversalink_c505_firmwareRange<62.65.51

AND

xeroxversalink_c505Match-

Node

xeroxversalink_c605_firmwareRange<62.65.51

AND

xeroxversalink_c605Match-

Node

xeroxversalink_c7000_firmwareRange<56.65.51

AND

xeroxversalink_c7000Match-

Node

xeroxversalink_c7020_firmwareRange<57.65.51

AND

xeroxversalink_c7020Match-

Node

xeroxversalink_c7025_firmwareRange<57.65.51

AND

xeroxversalink_c7025Match-

Node

xeroxversalink_c7030_firmwareRange<57.65.51

AND

xeroxversalink_c7030Match-

Node

xeroxversalink_c8000_firmwareRange<70.65.51

AND

xeroxversalink_c8000Match-

Node

xeroxversalink_c9000_firmwareRange<70.65.51

AND

xeroxversalink_c9000Match-

Node

xeroxversalink_c8000w_firmwareRange<72.65.51

AND

xeroxversalink_c8000wMatch-

Node

xeroxversalink_b600_firmwareRange<32.65.51

AND

xeroxversalink_b600Match-

Node

xeroxversalink_b7030_firmwareRange<58.65.51

AND

xeroxversalink_b7030Match-

Node

xeroxversalink_b7035_firmwareRange<58.65.51

AND

xeroxversalink_b7035Match-

CPENameOperatorVersion
xerox:phaser_6510_firmwarexerox phaser 6510 firmwarelt64.59.11

CPE	Name	Operator	Version
xerox:phaser_6510_firmware	xerox phaser 6510 firmware	lt	64.59.11

References

securitydocs.business.xerox.com/wp-content/uploads/2021/03/cert_Security_Mini_Bulletin_XRX21D_for_PH6510_WC6515_VersaLink-1.pdf

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.7%

JSON

Related for CVE-2021-28672

cvelist1 nvd1 prion1