LDAP Authentication Bypass in Xerox Products
CVE-2024-12510

6.7MEDIUM

Key Information:

Vendor
Xerox
Status
Versalink B400
Versalink B405
Versalink C400
Versalink C405
Vendor
CVE Published:
3 February 2025

Badges

πŸ“ˆ TrendedπŸ“ˆ Score: 4,160πŸ“° News Worthy

What is CVE-2024-12510?

CVE-2024-12510 is a notable vulnerability affecting Xerox products, specifically associated with LDAP (Lightweight Directory Access Protocol) authentication mechanisms. This vulnerability may allow an attacker with administrative access to manipulate LDAP settings, redirecting authentication processes to an alternative server. Such a scenario can lead to the unauthorized exposure of sensitive user credentials, ultimately posing significant security risks to organizations relying on these Xerox products for their operations.

Technical Details

The vulnerability resides in the LDAP authentication functionality of certain Xerox devices, where misconfigurations or improper access controls can be exploited by individuals with administrative privileges. By accessing the LDAP settings, an attacker could potentially re-route authentication requests to a malicious server, capturing sensitive credentials in the process. The exploit necessitates that the LDAP service is actively set up and accessible, thus limiting the attack surface but still enabling a concerning threat vector.

Potential Impact of CVE-2024-12510

  1. Credential Exposure: Organizations face the risk of unauthorized access to sensitive user accounts, as credentials may be captured and utilized by malicious actors for further infiltration or data exfiltration.

  2. Unauthorized Access to Systems: The exploitation of this vulnerability could grant attackers wide-ranging access to systems connected to the affected Xerox devices, enabling them to manipulate or steal critical information.

  3. Risk of Broader Network Compromise: Given the potential for credential theft, this vulnerability could serve as a stepping stone for attackers to escalate privileges within the network, potentially leading to larger-scale breaches and increased vulnerability to ransomware attacks.

Affected Version(s)

Phaser 6510 Windows 0 < 64.75.53

Versalink B400 Windows 0 < 37.82.53

Versalink B405 Windows 0 < 38.82.53

News Articles

Xerox Printer Vulnerabilities Enable Credential Capture

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

favicon imageDark Reading

Xerox Printer Vulnerabilities Enable Credential Capture

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

favicon imageSecurity Affairs

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

Xerox VersaLink C7025 Multifunction printer flaws could allow attackers to capture authentication credentials via pass-back attacks.

References

https://securitydocs.business.xerox.com/wp-content/upload...

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ“°

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.