On February 14, 2025, cybersecurity researchers uncovered new vulnerabilities in Xerox VersaLink printers that could allow attackers to intercept sensitive authentication data and move laterally within enterprise networks. These flaws, which involve the printers' Lightweight Directory Access Protocol (LDAP) and Server Message Block (SMB) functions, pose significant risks to organizational security.
The vulnerabilities, identified as CVE-2024-12510 and CVE-2024-12511, affect Xerox VersaLink C7025 multifunction printers. The LDAP vulnerability allows attackers with administrative access to redirect authentication requests to rogue servers, capturing plaintext credentials. The SMB vulnerability enables attackers to reroute scan-to-file operations to malicious servers, harvesting NetNTLMv2 handshakes and clear-text FTP credentials.
These attacks can lead to unauthorized access to sensitive data and systems, enabling lateral movement across networks. The primary entities involved are the attackers exploiting these vulnerabilities and the organizations using these printers, which may be unaware of the risks.
In response to these threats, Xerox has released firmware updates (version 57.69.92+) to address the vulnerabilities. Security experts recommend additional measures, such as restricting administrative access to printers, disabling unnecessary services like FTP, and implementing network segmentation to isolate printers from critical infrastructure. Monitoring for unusual LDAP/SMB traffic and enforcing multi-factor authentication (MFA) for printer management consoles are also advised. These steps aim to enhance security and protect against potential exploitation of these vulnerabilities.
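The monitoring advice above, as an added example (not code from Xerox or the researchers): a Python check over network flow records that flags LDAP, SMB or FTP connections from a printer to any server and port it is not configured to use. The addresses, allowlist, record format and function name are assumptions constructed for illustration.

```python
import ipaddress

# Ports for the protocols named in the article.
WATCHED_PORTS = {389: "LDAP", 636: "LDAPS", 445: "SMB", 21: "FTP"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range

# Assumed inventory: printer address -> (server, port) pairs it is configured to use.
PRINTER_ALLOWLIST = {
    "10.20.5.11": {("10.10.0.5", 389), ("10.10.0.20", 445)},
    "10.20.5.12": {("10.10.0.5", 389)},
}

# Constructed sample flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2025-02-14T09:00:01Z 10.20.5.11 10.10.0.5 389
2025-02-14T09:00:07Z 10.20.5.11 10.10.0.20 445
2025-02-14T09:02:13Z 10.20.5.11 10.30.7.99 389
2025-02-14T09:05:40Z 10.20.5.12 203.0.113.50 445
2025-02-14T09:06:02Z 10.20.5.12 10.10.0.5 21
2025-02-14T09:07:00Z 10.40.1.8 10.30.7.99 445
malformed line
"""

def find_unexpected_destinations(flow_text, allowlist=PRINTER_ALLOWLIST):
    """Return printer flows on watched ports whose (dst, port) is not allowlisted."""
    findings = []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip records that do not match the assumed format
        ts, src, dst, port_text = fields
        try:
            dst_ip = ipaddress.ip_address(dst)
            port = int(port_text)
        except ValueError:
            continue
        # Only printers in the inventory and only the watched protocols matter here.
        if src not in allowlist or port not in WATCHED_PORTS:
            continue
        if (dst, port) not in allowlist[src]:
            findings.append({
                "time": ts, "printer": src, "dst": dst,
                "protocol": WATCHED_PORTS[port],
                "off_network": dst_ip not in INTERNAL_NET,
            })
    return findings

if __name__ == "__main__":
    for f in find_unexpected_destinations(SAMPLE_FLOWS):
        print(f)
```

A finding for a printer whose configuration has not knowingly changed is a reason to review its LDAP server and scan-to-file destination settings.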