Weakness in Xerox Printer SMB/FTP Configuration Management
CVE-2024-12511

7.6HIGH

Key Information:

Vendor
Xerox
Status
Versalink B400
Versalink B405
Versalink C400
Versalink C405
Vendor
CVE Published:
3 February 2025

Badges

📰 News Worthy

Summary

A security vulnerability in Xerox printers allows unauthorized modification of SMB and FTP settings through address book access. This can lead to redirected scans and the potential capture of sensitive credentials. The issue necessitates that scanning features and printer access are enabled, creating an exploit vector for malicious actors. Ensuring proper configuration and access controls is critical for safeguarding sensitive data.

Affected Version(s)

Phaser 6510 Windows 0 < 64.75.53

Versalink B400 Windows 0 < 37.82.53

Versalink B405 Windows 0 < 38.82.53

News Articles

Xerox Printer Vulnerabilities Enable Credential Capture

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

favicon imageDark Reading

Xerox Printer Vulnerabilities Enable Credential Capture

Attackers are using patched bugs to potentially gain unfettered access to an organization's Windows environment under certain conditions.

favicon imageSecurity Affairs

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

Xerox VersaLink C7025 Multifunction printer flaws could allow attackers to capture authentication credentials via pass-back attacks.

References

https://securitydocs.business.xerox.com/wp-content/upload...

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.