Recent security vulnerabilities discovered in Xerox VersaLink C7025 Multifunction Printers (MFPs) have raised significant concerns regarding the safety of authentication credentials. These flaws could enable attackers to capture sensitive information through pass-back attacks using Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. In this article, we’ll break down the nature of these vulnerabilities, the potential risks they pose to organizations, and how Xerox has responded to the issue.
The Vulnerabilities
Xerox VersaLink C7025 MFPs, running firmware versions 57.69.91 and earlier, have been found to contain vulnerabilities that can be exploited to capture authentication credentials. The two main issues identified are:
- CVE-2024-12510 (CVSS score: 6.7) – A pass-back attack via LDAP, allowing an attacker to redirect authentication credentials to a rogue server. This attack requires access to the LDAP configuration page.
- CVE-2024-12511 (CVSS score: 7.6) – A pass-back attack via the user’s address book, enabling an attacker to manipulate the SMB/FTP server’s IP address, potentially capturing authentication credentials during file scan operations.
Exploitation of these vulnerabilities could lead to the exposure of Windows Active Directory credentials, allowing lateral movement within an organization’s network and potentially compromising other critical systems.
While successful exploitation of these vulnerabilities requires certain preconditions (such as physical or remote access to the printer’s control console), they still pose a significant risk to organizations. Following responsible disclosure, Xerox released a patch in Service Pack 57.75.53 to address the issues, but organizations are advised to take additional steps if they are unable to immediately patch their devices.
What Undercode Says:
The Xerox VersaLink C7025 vulnerabilities illustrate a critical issue often overlooked in office environments: the security of seemingly non-critical devices like printers. These multifunction printers are frequently connected to internal networks and are trusted with handling sensitive data, such as authentication credentials. However, this trust can be easily exploited by malicious actors if adequate security measures are not in place.
The vulnerabilities identified in the VersaLink printers highlight two primary methods of attack: LDAP pass-back and SMB/FTP pass-back attacks. The first, CVE-2024-12510, allows attackers to redirect authentication information to a rogue server. While this requires access to the printer’s LDAP configuration page, which may seem like a manageable access control issue, the risks involved are significant. If an attacker successfully redirects LDAP traffic to a malicious server, they gain access to critical authentication credentials, such as those used in Windows Active Directory. This could allow them to move laterally within the network, opening the door for further attacks against other servers or file systems.
Similarly, CVE-2024-12511, which exploits the printer’s address book configuration, allows attackers to manipulate SMB or FTP server settings, redirecting them to a malicious IP address. When a user scans documents, SMB or FTP authentication credentials can be exposed to the attacker. This attack not only highlights vulnerabilities in the printer’s software but also underlines the importance of securing user configurations, especially those involving sensitive data transfer protocols like SMB and FTP.
These vulnerabilities, though they may require a specific set of conditions to be exploited, demonstrate a critical blind spot in network security. The widespread use of networked printers in organizations is often coupled with lax security practices. Many businesses fail to secure these devices, leaving them exposed to attacks that can have far-reaching consequences.
One notable aspect of these vulnerabilities is the potential for lateral movement. With access to Windows Active Directory credentials, an attacker can escalate their privileges and navigate to other critical systems within the network. The ability to compromise additional servers or file systems significantly amplifies the risk. Thus, while the Xerox printer vulnerabilities might seem isolated at first glance, they present a vector for large-scale, multi-phase attacks.
Xerox’s response to these vulnerabilities, with the release of Service Pack 57.75.53, is a step in the right direction. However, it is important for organizations to understand that patching alone might not be sufficient. For instance, administrators should ensure that only complex passwords are used for admin accounts and avoid the use of elevated privilege accounts for authentication. Furthermore, disabling the remote-control console for unauthenticated users can significantly reduce the risk of unauthorized access.
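An added example (not from the article, Xerox, or the original report) of the kind of device audit discussed here: it classifies each printer's firmware against the two versions the article gives and flags LDAP or scan-to-SMB/FTP destinations that are not approved internal servers, which is how a pass-back change would show up in configuration. The inventory format, host names and addresses are constructed assumptions.

```python
import ipaddress

LAST_AFFECTED = (57, 69, 91)  # article: firmware 57.69.91 and earlier is affected
FIRST_FIXED = (57, 75, 53)    # article: Service Pack 57.75.53 carries the fix


def firmware_status(version):
    v = tuple(int(p) for p in version.strip().split("."))  # numeric, not string, compare
    if v <= LAST_AFFECTED:
        return "affected"
    # The article does not say anything about builds between the two versions.
    return "patched" if v >= FIRST_FIXED else "unknown"


def unexpected_destinations(device, approved_hosts, approved_nets):
    # Configured LDAP/SMB/FTP targets that are not approved internal servers.
    targets = [("ldap", device["ldap_server"])]
    targets += [(e["protocol"], e["host"]) for e in device["address_book"]]
    findings = []
    for protocol, host in targets:
        if host.lower() in approved_hosts:
            continue
        try:
            addr = ipaddress.ip_address(host)
            approved = any(addr in net for net in approved_nets)
        except ValueError:  # a hostname that is not on the approved list
            approved = False
        if not approved:
            findings.append((protocol, host))
    return findings


def audit(inventory, approved_hosts, approved_nets):
    hosts = {h.lower() for h in approved_hosts}
    nets = [ipaddress.ip_network(n) for n in approved_nets]
    return {d["name"]: {"firmware": firmware_status(d["firmware"]),
                        "unexpected": unexpected_destinations(d, hosts, nets)}
            for d in inventory}


# Constructed sample inventory (hypothetical export format, not a Xerox one).
SAMPLE_INVENTORY = [
    {"name": "mfp-floor1", "firmware": "57.69.91", "ldap_server": "dc01.corp.example",
     "address_book": [{"protocol": "ftp", "host": "10.20.0.16"}]},
    {"name": "mfp-floor2", "firmware": "57.75.53", "ldap_server": "198.51.100.23",
     "address_book": [{"protocol": "smb", "host": "203.0.113.7"}]},
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY, ["dc01.corp.example"], ["10.20.0.0/24"]))
```

A patched device can still carry a tampered destination, so the two checks are reported separately.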
Another critical takeaway from this situation is the growing trend of interconnected vulnerabilities across various technologies. As seen with the recent discovery of the unauthenticated SQL injection vulnerability in HealthStream MSOW, which could lead to full database compromise, these types of security weaknesses are not confined to just one sector or device. Attackers are constantly looking for new ways to exploit gaps in the security of widely used services. In this case, both Xerox printers and healthcare software are just two examples of how common yet overlooked systems can become entry points for cybercriminals.
In conclusion, organizations must not only patch software vulnerabilities but also adopt a more holistic security approach. This includes regular auditing of connected devices, strong password policies, and restricted access controls. The Xerox VersaLink C7025 vulnerabilities serve as a reminder that the weakest links in the network are often the most unexpected — like a printer or a healthcare management system. With cyber threats evolving rapidly, staying ahead of potential vulnerabilities is critical to protecting sensitive information and maintaining a secure network environment.
References:
Reported By: https://thehackernews.com/2025/02/new-xerox-printer-flaws-could-let.html




