Security researchers have uncovered serious vulnerabilities in Xerox VersaLink C7025 multifunction printers that could allow attackers to steal Windows Active Directory credentials. The flaws, discovered by Rapid7, affect firmware versions 57.69.91 and earlier.
Two major security issues were identified:
- A pass-back attack vulnerability via LDAP (CVE-2024-12510) with a CVSS score of 6.7
- A pass-back attack vulnerability through SMB/FTP services (CVE-2024-12511) with a CVSS score of 7.6
The vulnerabilities enable malicious actors to manipulate printer configurations and redirect authentication credentials to systems under their control. Once captured, these credentials could allow attackers to move laterally within an organization's network and potentially compromise Windows servers and file systems.
For the LDAP-based attack, an attacker needs access to the printer's LDAP configuration page to redirect authentication attempts to a rogue server. The SMB/FTP vulnerability requires access to the address book configuration to intercept credentials during scan operations.
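Because both pass-back variants depend on the printer being pointed at a server the defender did not approve, printer egress on LDAP, SMB and FTP ports to any host other than the known domain controller and scan file server is a useful detection signal. The following is an added example, not code from the article or from Xerox or Rapid7; the flow-log format, the printer subnet (10.20.5.0/24) and the approved back-end addresses are constructed assumptions to be replaced with your own.

```python
import ipaddress
import re

# Constructed flow-log lines in an assumed "timestamp src dst dport proto" format.
SAMPLE_FLOWS = """\
2025-02-18T10:01:02 10.20.5.40 10.20.1.10 389 tcp
2025-02-18T10:01:09 10.20.5.40 10.20.1.20 445 tcp
2025-02-18T10:03:44 10.20.5.40 203.0.113.7 389 tcp
2025-02-18T10:04:10 10.20.5.40 10.20.1.10 636 tcp
2025-02-18T10:05:31 10.20.5.41 198.51.100.9 445 tcp
2025-02-18T10:06:00 10.20.5.41 10.20.1.20 21 tcp
2025-02-18T10:07:15 10.20.9.9 203.0.113.7 389 tcp
"""

# Ports a printer uses to reach its configured LDAP, SMB and FTP back ends.
PASSBACK_PORTS = {389: "LDAP", 636: "LDAPS", 445: "SMB", 21: "FTP"}

# Assumed environment values: the printer subnet and the only hosts a printer
# should ever authenticate against (domain controller and scan file server).
PRINTER_NET = ipaddress.ip_network("10.20.5.0/24")
APPROVED_BACKENDS = {
    389: {"10.20.1.10"}, 636: {"10.20.1.10"},
    445: {"10.20.1.20"}, 21: {"10.20.1.20"},
}

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\w+)$")

def find_passback_candidates(flow_text):
    """Return (timestamp, printer, dest, service) for printer-originated
    LDAP/SMB/FTP connections to a host outside the approved back-end list."""
    hits = []
    for line in flow_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, dport, _proto = m.groups()
        dport = int(dport)
        if ipaddress.ip_address(src) not in PRINTER_NET:
            continue  # only printer-originated traffic matters for pass-back
        if dport not in PASSBACK_PORTS:
            continue
        if dst not in APPROVED_BACKENDS[dport]:
            hits.append((ts, src, dst, PASSBACK_PORTS[dport]))
    return hits

if __name__ == "__main__":
    for ts, printer, dst, svc in find_passback_candidates(SAMPLE_FLOWS):
        print(f"{ts} printer {printer} sent {svc} auth traffic to unapproved host {dst}")
```

On the constructed sample this flags two flows: one printer reaching an external LDAP server and another reaching an external SMB host, while approved back-end traffic and non-printer sources are ignored.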
Xerox has released Service Pack 57.75.53 to address these security issues for VersaLink C7020, 7025, and 7030 series printers. Organizations unable to update immediately should implement several protective measures:
- Set strong administrative passwords
- Avoid using high-privilege Windows accounts for printer authentication
- Disable unauthenticated access to the remote-control console
Organizations using affected Xerox printers should evaluate their exposure and take appropriate action to protect their networks.