A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered, exposing enterprise networks to credential theft and lateral attacks. Discovered by Rapid7 Principal IoT Researcher Deral Heiland, the flaw allows malicious actors to intercept Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) authentication data through pass-back attacks.
The vulnerabilities, identified as CVE-2024-12510 and CVE-2024-12511, pose a significant threat to organizations relying on these widely used devices for various functions such as printing, scanning, and document management. The Versalink C7025’s LDAP configuration flaw can be exploited by attackers with admin access to redirect authentication requests to rogue servers, compromising Active Directory integrity.
Attackers can manipulate the LDAP server’s IP address in the printer’s settings to capture plaintext credentials, a method that directly impacts user authentication in Windows environments. Furthermore, for SMB, adversaries exploit the device’s address book feature to reroute scan-to-file operations to controlled servers, harvesting NetNTLMv2 handshakes for potential relay attacks on file servers.
FTP configurations are also vulnerable, with credentials transmitted in clear text if compromised. While these attack vectors require administrative privileges or physical console access, the persistence of default admin passwords and remote management interfaces in enterprises lowers the barrier to exploitation.
The implications of these vulnerabilities are severe, enabling captured credentials to facilitate lateral movement, privilege escalation, and data exfiltration across corporate networks. Xerox has responded by releasing firmware updates to address the issues, urging customers to promptly install patches to mitigate the risks.
Rapid7 recommends additional security measures such as restricting admin access to MFPs, disabling unnecessary services like FTP, and implementing network segmentation to isolate printers from critical AD infrastructure. Monitoring for anomalous LDAP/SMB traffic and enforcing multi-factor authentication for printer management consoles are also advised.
Heiland emphasized the importance of recognizing IoT devices like printers as core network assets rather than perimeter appliances, highlighting the need for robust security controls to prevent breaches. The collaboration between Rapid7 and Xerox reflects a growing focus on IoT device security in hybrid work environments, urging enterprises to routinely audit connected devices.
As MFPs increasingly integrate with cloud services and corporate directories, their vulnerability as potential attack vectors escalates. With credential-based attacks prevalent in cybersecurity incident reports, addressing flaws in edge devices becomes crucial for comprehensive defense strategies.
The discovery of these vulnerabilities underscores the evolving threat landscape and the need for proactive security measures to safeguard organizations against cyber threats. As technologies advance, ensuring the security of all network-connected devices remains paramount to protect sensitive data and maintain operational continuity.
📰 Related Articles
- Xerox Versalink Printers Vulnerable to Hackers, Security Risks Identified
- Canon Printer Vulnerability Allows Remote Code Execution Risks
- Xerox to Acquire Lexmark in $1.5B Deal, Expanding Portfolio
- Xerox to Acquire Lexmark for $1.53 Billion, Strengthening Market Position
- Xerox to Acquire Lexmark for $1.5 Billion, Industry Consolidation