Cyber Resilience

CVE-2021-28670

Critical

Published: 29 March 2021

Modified: 21 November 2024
CVSS Score v3.1: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)
EPSS Score: 0.0055 (68.5th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-28670 is a critical-severity vulnerability of unspecified weakness type in Xerox AltaLink B8045 firmware. Its CVSS base score is 9.1 (Critical).

Operationally, it ranks in the top 31.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

Xerox AltaLink B8045/B8090 before 103.008.030.32000, C8030/C8035 before 103.001.030.32000, C8045/C8055 before 103.002.030.32000 and C8070 before 103.003.030.32000 allow unauthorized users, by leveraging the Scan To Mailbox feature, to delete arbitrary files from the disk.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product                    Affected versions
xerox    altalink b8045 firmware    ≤ 103.008.020.23120
xerox    altalink b8055 firmware    ≤ 103.008.020.23120
xerox    altalink b8065 firmware    ≤ 103.008.020.23120
xerox    altalink b8075 firmware    ≤ 103.008.020.23120
xerox    altalink b8090 firmware    ≤ 103.008.020.23120
xerox    altalink c8030 firmware    ≤ 103.001.020.23120
xerox    altalink c8035 firmware    ≤ 103.001.020.23120
xerox    altalink c8045 firmware    ≤ 103.002.020.23120
xerox    altalink c8055 firmware    ≤ 103.002.020.23120
xerox    altalink c8070 firmware    ≤ 103.003.020.23120

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
