Security researchers have uncovered vulnerabilities in the Xerox VersaLink C7025 Multifunction Printers (MFPs) that could allow attackers to capture authentication credentials through pass-back attacks. These vulnerabilities target the LDAP and SMB/FTP services in specific firmware versions (57.69.91 and earlier). Attackers can exploit these issues to modify the MFP’s configuration, redirect authentication credentials to malicious servers, and potentially compromise Windows Active Directory. This would allow attackers to move laterally within an organization’s network and gain access to critical systems and files, posing significant security risks.
Two main vulnerabilities were identified: CVE-2024-12510 and CVE-2024-12511. CVE-2024-12510 allows attackers to alter the LDAP configuration, which could redirect authentication information to a rogue server. CVE-2024-12511 targets the user address book and enables attackers to change the SMB or FTP server’s IP address, leading to the capture of authentication credentials during file scan operations. Both vulnerabilities require either physical access to the printer or access to the remote-control console via the web interface, which could be accessible with admin credentials or misconfigured settings.
The vulnerabilities were responsibly disclosed in March 2024, and Xerox addressed them in Service Pack 57.75.53, which was released for the VersaLink C7020, C7025, and C7030 printers. Users are urged to immediately patch their devices to protect against these vulnerabilities. For those unable to apply the patch, security experts recommend setting strong passwords for the admin accounts, avoiding the use of Windows authentication accounts with elevated privileges, and disabling the remote-control console for unauthenticated users. These actions can reduce the chances of exploitation until the patch is applied.
In a related security development, the founder of Specular, Peyton Smith, disclosed an unauthenticated SQL injection vulnerability in the HealthStream MSOW healthcare software. This vulnerability affects 23 healthcare organizations and could allow attackers to retrieve sensitive data from a database through crafted SQL injection payloads. The flaw underscores the importance of addressing vulnerabilities in widely used systems, particularly in sectors like healthcare where sensitive data is at risk of exposure.
