Listen to this Post
2025-02-18
Xerox, a trusted name in multifunction printers (MFPs), is now in the spotlight due to two significant vulnerabilities discovered in its VersaLink C7025 models. These flaws in its firmware have the potential to allow attackers to bypass traditional security measures and gain unauthorized access to critical systems within an organization’s Windows environment. As printers increasingly become part of the corporate network, this incident underscores a rising threat that many organizations have overlooked—printer vulnerabilities. The issue is especially concerning for businesses relying on remote and hybrid work models where printers serve as network gateways.
the Issue
Researchers at Rapid7 discovered two critical vulnerabilities in Xerox VersaLink C7025 printers, specifically in versions of firmware up to 57.69.91. These flaws, CVE-2024-12510 and CVE-2024-12511, allow attackers to execute pass-back attacks, a method used to intercept user credentials. The vulnerabilities impact the printer’s LDAP and SMB/FTP configurations, enabling attackers to change settings that direct the device to a malicious server. By doing so, attackers can capture sensitive credentials used for Windows Active Directory and other systems.
The scope of the threat is alarming. If exploited, an attacker can use these credentials to gain full control of Windows file services, domain information, and email accounts. The fact that these printers often store highly sensitive data, such as Domain Admin credentials, makes them an ideal target for cybercriminals. This vulnerability has been patched by Xerox, but the risk remains for unpatched systems and those unable to immediately update.
What Undercode Says:
The Xerox printer vulnerabilities highlight a growing trend: the overlooked risks that devices like printers and scanners pose in a corporate network. In the context of cybersecurity, printers are often viewed as peripheral and low-priority devices. However, this incident with the VersaLink C7025 should serve as a wake-up call to organizations about the critical security gap these devices represent. Printers are no longer just standalone machines but interconnected devices that communicate over the network, making them a potential entry point for attackers to compromise internal systems.
The two vulnerabilities discovered—CVE-2024-12510 (LDAP pass-back) and CVE-2024-12511 (SMB/FTP pass-back)—both rely on attackers manipulating the printer’s configuration. These flaws are particularly dangerous because they allow attackers to capture sensitive authentication credentials. LDAP (Lightweight Directory Access Protocol) is commonly used in corporate networks for managing authentication, while SMB (Server Message Block) and FTP (File Transfer Protocol) services are vital for file-sharing and remote scanning functions. If an attacker compromises these services, they could potentially access sensitive data or move laterally within the network to exploit other vulnerabilities.
What makes this particularly concerning is that, in many cases, printers are not properly secured. Often, default passwords are not changed, and older, vulnerable configurations remain intact. Attackers can exploit this by connecting to the printer via a web browser and manipulating its settings. Once an attacker gains access, they can alter the printer’s configuration to send authentication credentials to their own malicious server. This attack could lead to the capture of not only regular user credentials but, more alarmingly, Domain Admin credentials—granting the attacker full control over an organization’s IT infrastructure.
The fact that these vulnerabilities exist in a widely used device such as the Xerox VersaLink C7025 is a stark reminder of the importance of securing all devices connected to the network, even those that may seem “harmless” at first glance. This kind of attack is not unique to Xerox—many other manufacturers face similar risks with their printer lines, especially when printers are integrated into larger IT ecosystems without thorough security checks.
A New Attack Surface for Cybercriminals
In the digital era, every connected device is a potential entry point for cybercriminals. The rise in remote and hybrid work models only increases the surface area for potential attacks, and printers are often left unchecked. Research by Quocirca has found that a significant number of businesses (67% in 2024) have encountered security incidents related to printer vulnerabilities. This growing trend highlights the need for businesses to update their security protocols and treat all connected devices, including printers, with the same level of scrutiny as other IT infrastructure.
The vulnerabilities discovered in Xerox printers could be considered “low-hanging fruit” for attackers with the necessary technical skills. Yet, these kinds of vulnerabilities are often overlooked due to the complexity involved in securing networked devices. Many businesses may not be aware that their printers are configured to use Windows authentication services or have other settings that make them vulnerable to exploitation. While attackers may need advanced knowledge to exploit the flaws fully, once a device is compromised, it can open the floodgates to much larger network breaches.
Moreover, organizations that use default settings or neglect firmware updates put themselves at even greater risk. Attackers are becoming more adept at exploiting these weak points, and once they gain access, the damage they can inflict is severe. Cybercriminals can easily use harvested credentials to gain access to critical systems, steal data, or deploy further attacks on internal servers.
Xerox’s Response and Mitigation Measures
Xerox has responded to the discovered vulnerabilities by releasing a patch to fix the issues in its VersaLink MFP firmware. However, not all organizations will be able to implement the patch immediately. Until a patch is applied, businesses should take several precautionary measures to minimize their exposure to potential attacks.
The first step is to change the default admin passwords and use complex passwords for all sensitive accounts. Additionally, businesses should avoid using privileged Windows authentication accounts, such as Domain Admin credentials, for services like LDAP and SMB on printers. Organizations should also ensure that their printers are not accessible by unauthenticated users through remote-control consoles.
These mitigation strategies are essential for organizations that cannot immediately apply patches. However, they do not replace the need for regular software updates and comprehensive security audits across the network, including for networked printers. If companies continue to neglect security on peripheral devices, they leave themselves vulnerable to increasingly sophisticated threats.
The Bigger Picture
The Xerox printer vulnerabilities emphasize a critical gap in cybersecurity awareness. While organizations often focus their security efforts on high-profile systems, peripheral devices like printers can be just as dangerous if left unsecured. Cybercriminals are increasingly targeting these overlooked devices to gain a foothold in corporate networks.
The lesson here is clear: In today’s interconnected world, no device is too small or too insignificant to ignore. Whether it’s a printer, a scanner, or another IoT device, organizations must take proactive steps to secure all devices that touch their network. This includes regular firmware updates, the use of strong passwords, and ensuring that devices are only accessible to authorized users. With the growing trend of cyberattacks targeting unprotected devices, businesses must act quickly to close these gaps and protect themselves from potentially devastating breaches.
References:
Reported By: https://www.darkreading.com/iot/xerox-printer-vulnerabilities-credential-capture
Extra Source Hub:
https://www.digitaltrends.com
Wikipedia: https://www.wikipedia.org
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://craiyon.com
Undercode AI DI v2: https://ai.undercode.help




