Weakness in Xerox Printer SMB/FTP Configuration Management
CVE-2024-12511

7.6HIGH

Key Information:

Vendor: Xerox
Status: Versalink B400; Versalink B405; Versalink C400; Versalink C405
Vendor: CVE Published:; 3 February 2025

Summary

A security vulnerability in Xerox printers allows unauthorized modification of SMB and FTP settings through address book access. This can lead to redirected scans and the potential capture of sensitive credentials. The issue necessitates that scanning features and printer access are enabled, creating an exploit vector for malicious actors. Ensuring proper configuration and access controls is critical for safeguarding sensitive data.

Affected Version(s)

Phaser 6510 Windows 0 < 64.75.53

Versalink B400 Windows 0 < 37.82.53

Versalink B405 Windows 0 < 38.82.53

References

https://securitydocs.business.xerox.com/wp-content/upload...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Dec 11, 2024