CVE-2021-28672

Severity: CRITICAL
CVSS: 9.8/10
EPSS: 2.17%


CVE-2021-28672 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling. EPSS estimates a 2.17% chance of exploitation in the next 30 days.

Description

Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling.

Metrics

CVSS 3.1
9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
2.17%

80.0th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor   Product                      Versions
Xerox    Phaser 6510 Firmware         < 64.59.11
Xerox    Workcentre 6515 Firmware     < 65.59.11
Xerox    Versalink B400 Firmware      < 37.59.01
Xerox    Versalink B405 Firmware      < 38.59.01
Xerox    Versalink B600 Firmware      < 32.59.01
Xerox    Versalink B610 Firmware      < 32.59.01
Xerox    Versalink B605 Firmware      < 33.59.01
Xerox    Versalink B615 Firmware      < 33.59.01
Xerox    Versalink B7025 Firmware     < 58.59.11
Xerox    Versalink B7030 Firmware     < 58.59.11
Xerox    Versalink B7035 Firmware     < 58.59.11
Xerox    Versalink C400 Firmware      < 67.59.01
Xerox    Versalink C405 Firmware      < 68.59.01
Xerox    Versalink C500 Firmware      < 61.59.01
Xerox    Versalink C600 Firmware      < 61.59.01
Xerox    Versalink C505 Firmware      < 62.59.01
Xerox    Versalink C605 Firmware      < 62.59.01
Xerox    Versalink C7000 Firmware     < 56.59.01
Xerox    Versalink C7020 Firmware     < 57.59.01
Xerox    Versalink C7025 Firmware     < 57.59.01
Xerox    Versalink C7030 Firmware     < 57.59.01
Xerox    Versalink C8000 Firmware     < 70.59.01
Xerox    Versalink C9000 Firmware     < 70.59.01
Xerox    Phaser 6510 Firmware         < 64.65.51
Xerox    Workcentre 6515 Firmware     < 65.65.51
Xerox    Versalink B400 Firmware      < 37.65.51
Xerox    Versalink B405 Firmware      < 38.65.51
Xerox    Versalink B610 Firmware      < 32.65.51
Xerox    Versalink B605 Firmware      < 33.65.51
Xerox    Versalink B615 Firmware      < 33.65.51
Xerox    Versalink B7025 Firmware     < 58.65.51
Xerox    Versalink C400 Firmware      < 67.65.51
Xerox    Versalink C405 Firmware      < 68.65.51
Xerox    Versalink C500 Firmware      < 61.65.51
Xerox    Versalink C600 Firmware      < 61.65.51
Xerox    Versalink C505 Firmware      < 62.65.51
Xerox    Versalink C605 Firmware      < 62.65.51
Xerox    Versalink C7000 Firmware     < 56.65.51
Xerox    Versalink C7020 Firmware     < 57.65.51
Xerox    Versalink C7025 Firmware     < 57.65.51
Xerox    Versalink C7030 Firmware     < 57.65.51
Xerox    Versalink C8000 Firmware     < 70.65.51
Xerox    Versalink C9000 Firmware     < 70.65.51
Xerox    Versalink C8000w Firmware    < 72.65.51
Xerox    Versalink B600 Firmware      < 32.65.51
Xerox    Versalink B7030 Firmware     < 58.65.51
Xerox    Versalink B7035 Firmware     < 58.65.51

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-28672?
Xerox Phaser 6510 before 64.65.51 and 64.59.11 (Bridge), WorkCentre 6515 before 65.65.51 and 65.59.11 (Bridge), VersaLink B400 before 37.65.51 and 37.59.01 (Bridge), B405 before 38.65.51 and 38.59.01 (Bridge), B600/B610 before 32.65.51 and 32.59.01 (Bridge), B605/B615 before 33.65.51 and 33.59.01 (Bridge), B7025/30/35 before 58.65.51 and 58.59.11 (Bridge), C400 before 67.65.51 and 67.59.01 (Bridge), C405 before 68.65.51 and 68.59.01 (Bridge), C500/C600 before 61.65.51 and 61.59.01 (Bridge), C505/C605 before 62.65.51 and 62.59.01 (Bridge), C7000 before 56.65.51 and 56.59.01 (Bridge), C7020/25/30 before 57.65.51 and 57.59.01 (Bridge), C8000/C9000 before 70.65.51 and 70.59.01 (Bridge), C8000W before 72.65.51 allows remote attackers to execute arbitrary code through a buffer overflow in Web page parameter handling.
How severe is CVE-2021-28672?
CVE-2021-28672 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 2.17% probability of exploitation in the next 30 days.
How do I fix CVE-2021-28672?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST