Xerox VersaLink printers are affected by security vulnerabilities that could allow attackers to steal credentials. Rapid7 researchers found that models of these printers running firmware version 57.69.91 and earlier are at risk. Two specific vulnerabilities, CVE-2024-12510 and CVE-2024-12511, were pinpointed as potential entry points for what are known as “pass-back” attacks.
Pass-back attacks enable a malicious actor who has compromised the printer’s administrative functions to redirect authentication requests to a system under their control. By exploiting weaknesses in services like Lightweight Directory Access Protocol (LDAP), Server Message Block (SMB), and File Transfer Protocol (FTP), attackers could intercept authentication credentials sent by the printer.
The LDAP vulnerability, for instance, allows an attacker to manipulate the LDAP server’s IP address within the printer’s configuration, subsequently capturing authentication credentials sent to the attacker’s server. Similarly, the SMB/FTP vulnerability permits the modification of the SMB or FTP server’s IP address in the user’s address book configuration, potentially exposing sensitive information.
An illustration demonstrates how an attacker could tamper with the server IP address to reroute authentication attempts to a rogue server, thereby gaining unauthorized access to credentials. The presence of predefined login credentials, such as the username “MFPservice,” poses a significant risk in the context of these vulnerabilities.
Exploiting these vulnerabilities could result in severe consequences, as hackers could potentially gain access to critical credentials, including those for Windows Active Directory. This access could facilitate lateral movement within a network, endangering crucial servers and systems.
Rapid7 disclosed these vulnerabilities to Xerox and collaborated with the vendor to ensure the effectiveness of patches. Organizations using Xerox VersaLink printers should promptly update to the latest patched firmware version to mitigate the risk of exploitation.
If immediate patching is not feasible, it is advised to enhance security measures by setting strong and unique passwords for administrative accounts, avoiding the use of domain administrator accounts for certain services, and restricting remote access for unauthenticated users.
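A defender can look for the redirect described above by comparing each printer's configured LDAP, SMB and FTP destinations against the servers they are supposed to use, and by checking that no privileged account is stored on the device. The following Python is an added example, not code from Rapid7 or Xerox; the inventory field names, addresses and account names are constructed assumptions, not a Xerox export format.

```python
import ipaddress

# Constructed sample data: the field names below are assumptions for this
# example, not a Xerox export format.
APPROVED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # directory/file servers
PRIVILEGED_ACCOUNTS = {"administrator", "da-svc"}       # must never be stored on a printer

SAMPLE_INVENTORY = [
    {"printer": "vl-floor2", "service": "ldap", "server": "10.20.0.10", "account": "svc-print-ldap"},
    {"printer": "vl-floor2", "service": "smb", "server": "10.20.0.15", "account": "svc-scan"},
    {"printer": "vl-lobby", "service": "ldap", "server": "10.99.4.7", "account": "svc-print-ldap"},
    {"printer": "vl-lobby", "service": "ftp", "server": "scan.example.internal", "account": "DA-SVC"},
]


def audit_entry(entry, approved_nets=APPROVED_NETS, privileged=PRIVILEGED_ACCOUNTS):
    """Return a list of finding strings for one configured outbound service."""
    findings = []
    try:
        addr = ipaddress.ip_address(entry["server"])
    except ValueError:
        # Hostnames cannot be checked against a network allowlist; resolve and
        # review them out of band rather than silently trusting them.
        findings.append("server is a hostname, not verifiable against allowlist")
    else:
        if not any(addr in net for net in approved_nets):
            findings.append("server outside approved networks")
    # Strip an optional DOMAIN\ prefix or @realm suffix before comparing.
    account = entry["account"].split("\\")[-1].split("@")[0].lower()
    if account in privileged:
        findings.append("privileged account stored on device")
    return findings


def audit(inventory):
    """Map (printer, service) -> findings, omitting clean entries."""
    report = {}
    for entry in inventory:
        findings = audit_entry(entry)
        if findings:
            report[(entry["printer"], entry["service"])] = findings
    return report


if __name__ == "__main__":
    for key, findings in audit(SAMPLE_INVENTORY).items():
        print(key, findings)
```

Run on a schedule against a fresh inventory, a new "server outside approved networks" finding is the signal that a destination was changed after deployment.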
Addressing cybersecurity vulnerabilities in devices like printers is crucial in today’s interconnected digital landscape. As technology continues to advance, the need for robust security measures becomes increasingly paramount to safeguard sensitive information and prevent unauthorized access.