Cybersecurity researchers at Rapid7 have uncovered two significant security vulnerabilities in Xerox VersaLink enterprise multifunction devices that could enable malicious actors to harvest user credentials through sophisticated pass-back attacks. The vulnerabilities, tracked as CVE-2024-12510 and CVE-2024-12511, specifically target LDAP and SMB/FTP services, potentially exposing organizations to serious security risks.
Understanding the LDAP Authentication Vulnerability
The first vulnerability (CVE-2024-12510) presents a critical security risk by allowing attackers to intercept authentication credentials through LDAP request redirection. This exploit requires access to the LDAP configuration page and active LDAP authentication on the target system. Of particular concern is the potential compromise of Windows Active Directory credentials, which could grant unauthorized access to an organization’s core infrastructure components.
SMB/FTP Credential Harvesting Exploit
The second vulnerability (CVE-2024-12511) exploits the device’s address book functionality. Attackers can manipulate SMB or FTP server IP addresses used for scanning operations, enabling credential interception during authentication processes. This attack vector requires either physical access to the printer console or access through the web management interface, making it particularly dangerous in environments with inadequate physical security measures.
Affected Systems and Security Implications
The vulnerabilities affect VersaLink devices running firmware version 57.69.91 and earlier, including popular models in the C7020, C7025, and C7030 series. These security flaws could potentially compromise entire corporate networks if exploited successfully, especially in environments where printers are integrated with Active Directory authentication.
Mitigation Strategies and Recommendations
Xerox has addressed these vulnerabilities by releasing firmware update 57.75.53. Security administrators should implement the following protective measures:
1. Immediate firmware update to version 57.75.53
2. Implementation of complex administrator passwords
3. Restriction of privileged Windows account usage for printer operations
4. Disabling remote management access for unauthenticated users
5. Regular security audits of printer configurations
Organizations unable to immediately update their firmware should implement strict access controls and monitoring mechanisms to detect potential exploitation attempts. Regular security assessments and prompt application of security patches remain crucial for maintaining a robust printer security posture in corporate environments. The discovery of these vulnerabilities serves as a reminder that network-connected printers can serve as significant entry points for cyber attacks, requiring the same level of security attention as other enterprise infrastructure components.
