CVE-2021-28669
HIGHXerox AltaLink B80xx/C8030/C8035/C8045/C8055/C8070 < 103.008.020.23120 - Missing Authorization
Title source: llmDescription
Xerox AltaLink B80xx before 103.008.020.23120, C8030/C8035 before 103.001.020.23120, C8045/C8055 before 103.002.020.23120 and C8070 before 103.003.020.23120 provide the ability to set configuration attributes without administrative rights.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://securitydocs.business.xerox.com/wp-content/uploads/2020/09/cert_Security_Mini_Bulletin_XRX20R_for_ALB80xx-C80xx-2.pdf
Scores
CVSS v3
7.5
EPSS
0.0079
EPSS Percentile
51.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-862
Status
published
Products (10)
xerox/altalink_b8045_firmware
< 103.008.020.23120
xerox/altalink_b8055_firmware
< 103.008.020.23120
xerox/altalink_b8065_firmware
< 103.008.020.23120
xerox/altalink_b8075_firmware
< 103.008.020.23120
xerox/altalink_b8090_firmware
< 103.008.020.23120
xerox/altalink_c8030_firmware
< 103.001.020.23120
xerox/altalink_c8035_firmware
< 103.001.020.23120
xerox/altalink_c8045_firmware
< 103.002.020.23120
xerox/altalink_c8055_firmware
< 103.002.020.23120
xerox/altalink_c8070_firmware
< 103.003.020.23120
Published
Mar 29, 2021
Tracked Since
Feb 18, 2026