Xerox AltaLink B8045/B8090, C8030/C8035, C8045/C8055, and C8070 allow unauthorized users to delete arbitrary files from the disk through the Scan To Mailbox feature.
Understanding CVE-2021-28670
This CVE describes a security vulnerability in the Xerox AltaLink series that could be exploited by unauthorized users.
What is CVE-2021-28670?
CVE-2021-28670 impacts various Xerox AltaLink models, enabling unauthorized users to delete any files from the disk using the Scan To Mailbox feature.
The Impact of CVE-2021-28670
The vulnerability poses a significant security risk as it allows malicious actors to remove critical files from Xerox devices without proper authorization.
Technical Details of CVE-2021-28670
This section outlines specific technical details of the vulnerability.
Vulnerability Description
Xerox AltaLink devices running firmware earlier than specific versions are vulnerable to unauthorized file deletion.
Affected Systems and Versions
Impacted Xerox AltaLink models include B8045, B8090, C8030, C8035, C8045, C8055, and C8070 running firmware earlier than specific versions.
Exploitation Mechanism
The vulnerability can be exploited by leveraging the Scan To Mailbox feature, which allows unauthorized users to delete files from the disk.
Mitigation and Prevention
Protecting systems from CVE-2021-28670 requires immediate action and long-term security measures.
Immediate Steps to Take
Apply the recommended security patches and updates provided by Xerox to mitigate the vulnerability.
Long-Term Security Practices
Implement strict access controls, monitor device activities, and educate users on safe scanning practices to prevent unauthorized file deletions.
Patching and Updates
Regularly check for firmware updates from Xerox and promptly install patches to address security vulnerabilities.