- Security researchers found two vulnerabilities affecting Xerox VersaLink MFP printers
- The vulnerabilities could be used in a "pass-back" attack to steal login credentials
- Patches and mitigations are already available, so update now
Some Xerox printers are vulnerable to a “pass-back” attack that can be used to steal login credentials, experts have warned.
Cybersecurity researchers at Rapid7 discovered the vulnerabilities while putting a Xerox VersaLink MFP printer through a security test, and reported them in an in-depth analysis. The flaws can be abused either via LDAP or via SMB/FTP to mount a pass-back attack, and so received two CVEs: CVE-2024-12510 for LDAP and CVE-2024-12511 for SMB/FTP. They were given severity scores of 6.7/10 (Medium) and 7.6/10 (High) respectively, and affect firmware versions 57.69.91 and earlier.
"This pass-back-style attack exploits a vulnerability that allows a malicious actor to change the MFP's configuration and get the MFP device to send the authentication information back to the malicious actor," the researchers explained. "This attack style can be used to capture authentication data."
Capturing Login Credentials
The technical details can be found in the blog post here, but the core of it is this: if a threat actor has access to a printer's administrator settings and LDAP is used for authentication, they can change the configured LDAP server to one they control and capture the login credentials the printer sends to it.
They can also hijack the printer's scan-to-file feature to steal SMB or FTP credentials, which could potentially compromise Windows Active Directory and other critical systems.
"In order for this attack to be successful, the attacker requires an SMB or FTP scan feature to be configured in the user's address book, as well as physical access to the printer console or access to the remote control console via the web interface," the researchers stressed.
"This may require administrator access unless user-level access to the remote control console is enabled."
After being tipped off, Xerox released Service Pack 57.75.53, which fixes the problem for the VersaLink C7020, 7025 and 7030 series.
Those who are unable to apply the fix are advised to immediately set stronger passwords on their admin accounts, refrain from using highly privileged Windows authentication accounts on the printer, and disable the remote control console for non-authenticated users.
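As an added illustration, not code from the article or from Rapid7, the following defender-side script checks whether a VersaLink firmware version falls in the affected range named above and scans a constructed firewall egress log for printer connections to LDAP, SMB or FTP hosts outside an allowlist, which is the traffic a successful pass-back would generate. The log format, the printer subnet and the allowlist are assumptions for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Last affected firmware build named in the article (57.75.53 is the fix).
LAST_AFFECTED = (57, 69, 91)
# Ports the pass-back attack abuses: LDAP/LDAPS (CVE-2024-12510), SMB/FTP (CVE-2024-12511).
PASS_BACK_PORTS = {389: "ldap", 636: "ldaps", 445: "smb", 21: "ftp"}

# Assumed log line shape: "... src=<ip> dst=<ip> dport=<port> ..."
LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")


def parse_version(text):
    """'57.69.91' -> (57, 69, 91) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected_firmware(version):
    """True when the firmware is 57.69.91 or earlier."""
    return parse_version(version) <= LAST_AFFECTED


def find_pass_back_candidates(log_text, printer_nets, allowed):
    """Return (service, src, dst) for every printer connection to an LDAP/SMB/FTP
    destination that is not on the allowlist for that service."""
    nets = [ip_network(n) for n in printer_nets]
    hits = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        src, dst, port = match.group(1), match.group(2), int(match.group(3))
        service = PASS_BACK_PORTS.get(port)
        if service is None or not any(ip_address(src) in net for net in nets):
            continue  # not a pass-back port, or not a printer talking
        if dst not in allowed.get(service, set()):
            hits.append((service, src, dst))
    return hits


# Constructed sample log: printers live in 10.0.5.0/24; 10.0.7.3 is a workstation.
SAMPLE_LOG = """\
2025-01-10T09:12:01Z src=10.0.5.21 dst=10.0.1.10 dport=389 proto=tcp action=allow
2025-01-10T09:12:44Z src=10.0.5.21 dst=203.0.113.7 dport=389 proto=tcp action=allow
2025-01-10T09:13:02Z src=10.0.5.21 dst=10.0.1.20 dport=445 proto=tcp action=allow
2025-01-10T09:13:30Z src=10.0.5.22 dst=198.51.100.9 dport=21 proto=tcp action=allow
2025-01-10T09:14:00Z src=10.0.7.3 dst=203.0.113.7 dport=389 proto=tcp action=allow
"""
ALLOWED = {"ldap": {"10.0.1.10"}, "ldaps": {"10.0.1.10"}, "smb": {"10.0.1.20"}, "ftp": set()}

if __name__ == "__main__":
    print("affected firmware:", is_affected_firmware("57.69.91"))
    for hit in find_pass_back_candidates(SAMPLE_LOG, ["10.0.5.0/24"], ALLOWED):
        print("possible pass-back:", hit)
```

Point the allowlist at the LDAP and scan-to-file servers the printers are actually configured for; any other destination on those ports is worth checking against the printer's current address book and LDAP settings.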