Unauthorized File Deletion Vulnerability in Xerox AltaLink Products
CVE-2021-28670

9.1CRITICAL

Key Information:

Vendor: Xerox
Status: Altalink B8045 Firmware
Vendor: CVE Published:; 29 March 2021

Summary

Xerox AltaLink printers, specifically B8045/B8090, C8030/C8035, C8045/C8055, and C8070 models prior to their respective firmware versions, are susceptible to a security flaw that enables unauthorized users to delete arbitrary files on the device's disk by exploiting the Scan To Mailbox feature. This vulnerability poses a risk of data loss and could lead to the compromise of sensitive information.

References

https://securitydocs.business.xerox.com/wp-content/upload...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 29, 2021
Vulnerability Reserved
Mar 18, 2021