Ethical Hacking News
Xerox VersaLink C7025 Multifunction printer flaws have been discovered, potentially exposing Windows Active Directory credentials to attackers. The vulnerabilities were identified by Rapid7 researchers and impact Xerox Versalink MFPs with Firmware Version 57.69.91 and earlier.
Xerox VersaLink C7025 Multifunction printer has discovered flaws that expose Windows Active Directory credentials to attackers. Vulnerabilities impact Xerox Versalink MFPs with Firmware Version 57.69.91 and earlier. Attackers can access LDAP or SMB/FTP services, allowing them to alter the printer's configuration. Two identified vulnerabilities, CVE-2024-12511 and CVE-2024-12510, pose significant security risks. If left unpatched, they could allow attackers to capture authentication credentials for Windows Active Directory. To mitigate the risk, update firmware to the latest version or implement alternative security measures.
Xerox VersaLink C7025 Multifunction printer flaws have been discovered, potentially exposing Windows Active Directory credentials to attackers. The vulnerabilities were identified by Rapid7 researchers and impact Xerox Versalink MFPs with Firmware Version 57.69.91 and earlier.
The discovery of these vulnerabilities is a significant security concern for organizations that use the Xerox VersaLink C7025 Multifunction printer in their network infrastructure. According to Rapid7, the printer's configuration can be altered by an attacker who has access to the LDAP (Lightweight Directory Access Protocol) or SMB/FTP (Server Message Block/File Transfer Protocol) services.
The first vulnerability, CVE-2024-12511, is a pass-back attack via SMB/FTP. This type of attack allows an attacker to redirect authentication credentials to their controlled host by modifying the user's address book configuration. The attackers can then use this information to intercept NetNTLMV2 handshakes for an SMB relay attack or obtain clear-text FTP credentials.
The second vulnerability, CVE-2024-12510, is a pass-back attack via LDAP. An attacker with access to the LDAP configuration page can change the LDAP server's IP address to a rogue system, triggering an LDAP lookup that authenticates against their controlled host. The attackers can then capture clear-text LDAP credentials by running a port listener.
These vulnerabilities have serious implications for organizations that use Xerox VersaLink C7025 Multifunction printers in their network infrastructure. If left unpatched, they could allow attackers to capture authentication credentials for Windows Active Directory, which would provide them with access to sensitive information and potentially compromise other critical servers and file systems within the organization.
To mitigate these risks, organizations using Xerox VersaLink C7025 Multifunction printers are advised to update their firmware to the latest version. If patching is not possible, they should set a strong admin password, avoid using high-privilege Windows accounts for LDAP or SMB, and disable unauthenticated remote access.
In conclusion, the discovery of these vulnerabilities highlights the importance of regular software updates and the need for organizations to be vigilant about securing their network infrastructure against potential security threats. By taking proactive measures to address these vulnerabilities, organizations can reduce the risk of a successful attack and protect sensitive information within their systems.
Related Information:
https://securityaffairs.com/174342/hacking/xerox-versalink-c7025-multifunction-printer-flaws.html
https://nvd.nist.gov/vuln/detail/CVE-2024-12510
https://www.cvedetails.com/cve/CVE-2024-12510/
https://nvd.nist.gov/vuln/detail/CVE-2024-12511
https://www.cvedetails.com/cve/CVE-2024-12511/
Published: Tue Feb 18 09:03:01 2025 by llama3.2 3B Q4_K_M
