- Security researchers found two flaws that affect Xerox VersaLink MFP printers
- The flaws could be used in "pass-back" attacks to steal login credentials
- Patches and workarounds are already available, so update now
Some Xerox printers are vulnerable to a "pass-back" attack that can be used to steal login credentials, experts have warned.
Cybersecurity researchers at Rapid7 discovered the vulnerability and reported it in an in-depth analysis, saying that during security testing they found a flaw affecting Xerox VersaLink MFP printers. The flaw can be abused through LDAP or through SMB/FTP to set up a pass-back attack, and with that in mind it was assigned two CVEs: CVE-2024-12510 for LDAP and CVE-2024-12511 for SMB/FTP. The vulnerabilities received severity scores of 6.7/10 (medium) and 7.6/10 (high) respectively, and affect firmware versions 57.69.91 and earlier.
"This pass-back style attack takes advantage of a vulnerability that allows a malicious actor to alter the MFP configuration and make the MFP device send authentication credentials to the malicious actor," the researchers explained. "This attack style can be used to capture authentication data."
Capture login credentials
The technical details can be found in the blog post here, but the essence is that if a threat actor gains access to the printer's administrative configuration, and LDAP is used for authentication, they can point the LDAP server setting at a server they control, capturing the login credentials the printer sends when it tries to authenticate.
They can also hijack the printer's scan-to-file function to steal SMB or FTP credentials, potentially compromising Windows Active Directory and other critical systems.
"To make this attack successful, the attacker requires that an SMB or FTP scan function is configured within the user's address book, as well as physical access to the printer console or access to the remote control console through the web interface," the researchers stressed.
"This may require administrator access unless user access to the remote control console has been enabled."
After being notified, Xerox issued Service Pack 57.75.53, which fixes the problem for printers of the VersaLink C7020, 7025 and 7030 series.
Those who cannot apply the patches immediately are advised to set stronger passwords for their administrator accounts, avoid using Windows authentication accounts with high privileges for the printer, and disable the remote control console for unauthorized users.
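The attack mechanism described above (the LDAP server or scan destination being redirected to a host the attacker controls) and the mitigations listed here both come down to a few configuration values that a defender can audit. The following is an added example, not code from Rapid7 or Xerox: it parses a hypothetical key=value configuration export (the format, the key names, and the sample values are all constructed for this example; real VersaLink devices expose these settings through their web interface) and flags the conditions the article describes: firmware older than 57.75.53, an LDAP server that is not an approved directory server, address-book scan destinations pointing at unknown SMB/FTP hosts, and a remote control panel reachable by non-admin users.

```python
"""Audit an MFP configuration export for pass-back risk.

Added example, not Rapid7's or Xerox's code. The key=value export format
and the key names below are hypothetical, constructed for this example.
"""
from dataclasses import dataclass

# Firmware version named in the article as the fix for CVE-2024-12510/12511.
PATCHED_VERSION = "57.75.53"

# Constructed sample export (hypothetical format and key names).
SAMPLE_EXPORT = """\
# sample export, constructed for this example
firmware.version=57.69.91
auth.method=ldap
ldap.server=10.0.0.99
addressbook.scan.1=smb://fileserver.corp.example/scans
addressbook.scan.2=ftp://203.0.113.7/incoming
remote_control_panel.enabled=true
remote_control_panel.non_admin_access=true
"""


@dataclass
class Finding:
    severity: str
    message: str


def parse_export(text: str) -> dict:
    """Parse key=value lines, ignoring blanks and '#' comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def version_tuple(version: str) -> tuple:
    """'57.69.91' -> (57, 69, 91) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def host_of(url: str) -> str:
    """Extract the host from 'smb://user@host/share' style destinations."""
    rest = url.split("://", 1)[-1]      # drop scheme
    rest = rest.split("/", 1)[0]        # drop path
    return rest.rsplit("@", 1)[-1].lower()  # drop embedded credentials


def audit(cfg: dict, allowed_ldap: set, allowed_scan_hosts: set) -> list:
    """Return the findings a defender would want to act on."""
    findings = []

    firmware = cfg.get("firmware.version")
    if firmware and version_tuple(firmware) < version_tuple(PATCHED_VERSION):
        findings.append(Finding("high", f"firmware {firmware} is older than {PATCHED_VERSION}"))

    # Pass-back via LDAP: the directory server must be one we approved.
    if cfg.get("auth.method", "").lower() == "ldap":
        server = cfg.get("ldap.server", "").lower()
        if server not in allowed_ldap:
            findings.append(Finding("high", f"LDAP server {server!r} is not an approved directory server"))

    # Pass-back via scan-to-SMB/FTP: every address-book destination must be known.
    for key, value in sorted(cfg.items()):
        if key.startswith("addressbook.scan."):
            host = host_of(value)
            if host not in allowed_scan_hosts:
                findings.append(Finding("medium", f"scan destination {key} points at unapproved host {host!r}"))

    # The article's precondition: remote control console open to non-admin users.
    if (cfg.get("remote_control_panel.enabled") == "true"
            and cfg.get("remote_control_panel.non_admin_access") == "true"):
        findings.append(Finding("medium", "remote control panel is reachable by non-admin users"))

    return findings


if __name__ == "__main__":
    config = parse_export(SAMPLE_EXPORT)
    for finding in audit(config, {"ldap.corp.example"}, {"fileserver.corp.example"}):
        print(f"[{finding.severity}] {finding.message}")
```

Run against the constructed sample, the audit reports four findings: the old firmware, the unapproved LDAP server, the FTP scan destination at an unknown address, and the open remote control panel. Feeding it a real configuration requires adapting `parse_export` to however your fleet management exports settings; the checks themselves are the point.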