Vulnerability in Xerox VersaLink Printers Could Enable Lateral Movement Attacks

Wednesday, February 19, 2025

Security researchers at Rapid7 have discovered vulnerabilities in Xerox VersaLink multifunction printers, identified as CVE-2024-12510 and CVE-2024-12511. These flaws affect VersaLink C7020, C7025, and C7030 models and allow attackers to carry out a pass-back attack to steal the authentication credentials the printer uses for LDAP and SMB/FTP. The issue arises from the ability to modify the authentication server’s IP address so that it points to a malicious server controlled by the attacker. The printer then sends its credentials to that server, where they can be intercepted.

According to Rapid7, LDAP-based attacks allow hackers to capture credentials in clear text, while SMB/FTP attacks could be leveraged for SMB relay attacks, potentially enabling access to Windows Active Directory. This could facilitate lateral movement within the network, allowing attackers to infiltrate systems, access sensitive files, and compromise critical servers. The vulnerability was initially reported in March 2024.

Xerox addressed these vulnerabilities in January 2025 by releasing a Service Pack update for VersaLink C7020, C7025, and C7030. Organizations using these printers are advised to update their firmware to version 57.75.53 and to implement additional security measures to mitigate potential exploitation: setting complex administrator passwords, avoiding high-privilege Windows accounts, and disabling unauthenticated remote console access.
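The remediation guidance above can be checked across a fleet with a short audit script. This is an added example, not code from Rapid7 or Xerox: the inventory columns, the approved server addresses, the account names and the sample rows are all constructed assumptions, and only the model names and the fixed firmware version come from the article.

```python
import csv
import io

AFFECTED_MODELS = {"C7020", "C7025", "C7030"}  # models named in the article
FIXED_FIRMWARE = (57, 75, 53)                   # fixed version named in the article

# Assumptions (site-specific, not from the article): the servers printers are
# allowed to authenticate against, and accounts treated as high-privilege.
APPROVED_SERVERS = {"10.0.0.10", "10.0.0.20"}
HIGH_PRIV_ACCOUNTS = {"administrator", "svc-domainadmin"}

# Constructed sample inventory; column names and values are hypothetical.
SAMPLE_INVENTORY = """host,model,firmware,ldap_server,smb_server,bind_account
prn-01,C7025,57.69.91,10.0.0.10,10.0.0.20,svc-print
prn-02,C7030,57.75.53,10.0.0.10,192.168.50.77,svc-print
prn-03,C7020,57.75.53,10.0.0.10,10.0.0.20,Administrator
prn-04,C7020,57.75.53,10.0.0.10,10.0.0.20,svc-print
"""

def parse_version(text):
    """Turn '57.75.53' into (57, 75, 53) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def audit_printer(row):
    """Return the list of findings for one inventory row."""
    findings = []
    if row["model"] in AFFECTED_MODELS and parse_version(row["firmware"]) < FIXED_FIRMWARE:
        findings.append("firmware below 57.75.53")
    # A server address outside the approved set is what a pass-back change looks like.
    for field in ("ldap_server", "smb_server"):
        if row[field] and row[field] not in APPROVED_SERVERS:
            findings.append(f"{field} {row[field]} is not an approved server")
    if row["bind_account"].lower() in HIGH_PRIV_ACCOUNTS:
        findings.append("high-privilege account stored on printer")
    return findings

def audit_inventory(csv_text):
    """Map each host with at least one finding to its findings."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_printer(row)
        if findings:
            report[row["host"]] = findings
    return report

if __name__ == "__main__":
    for host, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(host, "->", "; ".join(findings))
```

Running the audit on a schedule and diffing the results also surfaces a server address that changes between runs, which is the configuration change a pass-back attack depends on.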

Source: https://www.securityweek.com/xerox-versalink-printer-vulnerabilities-enable-lateral-movement/