CVE-2021-28670

Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
xeroxaltalink_b8045_firmware
𝑥
< 103.008.020.23120
xeroxaltalink_b8055_firmware
𝑥
< 103.008.020.23120
xeroxaltalink_b8065_firmware
𝑥
< 103.008.020.23120
xeroxaltalink_b8075_firmware
𝑥
< 103.008.020.23120
xeroxaltalink_b8090_firmware
𝑥
< 103.008.020.23120
xeroxaltalink_c8030_firmware
𝑥
< 103.001.020.23120
xeroxaltalink_c8035_firmware
𝑥
< 103.001.020.23120
xeroxaltalink_c8045_firmware
𝑥
< 103.002.020.23120
xeroxaltalink_c8055_firmware
𝑥
< 103.002.020.23120
xeroxaltalink_c8070_firmware
𝑥
< 103.003.020.23120
𝑥
= Vulnerable software versions
References
https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf
https://securitydocs.business.xerox.com/wp-content/uploads/2020/12/cert_Security_Mini_Bulletin_XRX20X_for_ALB80xx-C80xxv.pdf