Description

Xerox Phaser 6510 before 64.61.23 and 64.59.11 (Bridge), WorkCentre 6515 before 65.61.23 and 65.59.11 (Bridge), VersaLink B400 before 37.61.23 and 37.59.01 (Bridge), B405 before 38.61.23 and 38.59.01 (Bridge), B600/B610 before 32.61.23 and 32.59.01 (Bridge), B605/B615 before 33.61.23 and 33.59.01 (Bridge), B7025/30/35 before 58.61.23 and 58.59.11 (Bridge), C400 before 67.61.23 and 67.59.01 (Bridge), C405 before 68.61.23 and 68.59.01 (Bridge), C500/C600 before 61.61.23 and 61.59.01 (Bridge), C505/C605 before 62.61.23 and 62.59.11 (Bridge), C7000 before 56.61.23 and 56.59.01 (Bridge), C7020/25/30 before 57.61.23 and 57.59.01 (Bridge), C8000/C9000 before 70.61.23 and 70.59.01 (Bridge), allows remote attackers with "a weaponized clone file" to execute arbitrary commands in the Web User Interface.

Related CPE's

o

xerox

phaser_6510_firmware

2

h

xerox

phaser_6510

2

o

xerox

workcentre_6515_firmware

2

h

xerox

workcentre_6515

2

o

xerox

versalink_b400_firmware

2

h

xerox

versalink_b400

2

o

xerox

versalink_b405_firmware

2

h

xerox

versalink_b405

2

o

xerox

versalink_b600_firmware

2

h

xerox

versalink_b600

2

o

xerox

versalink_b610_firmware

2

h

xerox

versalink_b610

2

o

xerox

versalink_b605_firmware

2

h

xerox

versalink_b605

2

o

xerox

versalink_b615_firmware

2

h

xerox

versalink_b615

2

o

xerox

versalink_b7025_firmware

2

h

xerox

versalink_b7025

2

o

xerox

versalink_b7030_firmware

2

h

xerox

versalink_b7030

2

o

xerox

versalink_b7035_firmware

2

h

xerox

versalink_b7035

2

o

xerox

versalink_c400_firmware

2

h

xerox

versalink_c400

2

o

xerox

versalink_c405_firmware

2

h

xerox

versalink_c405

2

o

xerox

versalink_c500_firmware

2

h

xerox

versalink_c500

2

o

xerox

versalink_c600_firmware

2

h

xerox

versalink_c600

2

o

xerox

versalink_c505_firmware

2

h

xerox

versalink_c505

2

o

xerox

versalink_c605_firmware

2

h

xerox

versalink_c605

2

o

xerox

versalink_c7000_firmware

2

h

xerox

versalink_c7000

2

o

xerox

versalink_c7020_firmware

2

h

xerox

versalink_c7020

2

o

xerox

versalink_c7025_firmware

2

h

xerox

versalink_c7025

2

o

xerox

versalink_c7030_firmware

2

h

xerox

versalink_c7030

2

o

xerox

versalink_c8000_firmware

2

h

xerox

versalink_c8000

2

o

xerox

versalink_c9000_firmware

2

h

xerox

versalink_c9000

2

References

https://securitydocs.business.xerox.com/wp-content/uploads/2020/06/cert_Security_Mini_Bulletin_XRX20K_for_PH6510_WC6515_VLB4xx_C4xx_B6XX_B70xx_C5xx_C6xx_C7xxx.pdf

Vendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-03-29T20:15:13.453

4 years ago

Last modified

2021-04-05T20:20:24.257

4 years ago