- Security researchers have found two flaws affecting Xerox VersaLink MFP printers
- The flaws can be used in "pass-back" attacks to steal login credentials
- Fixes and workarounds are already available, so update now
Some Xerox printers are vulnerable to a "pass-back" attack that can be used to steal login credentials, experts have warned.
Cybersecurity researchers at Rapid7 discovered the vulnerability and reported it in an in-depth analysis, saying that during security testing they found a flaw affecting Xerox VersaLink MFP printers. The flaw can be abused via LDAP, or via SMB/FTP, to set up a pass-back attack, and accordingly it received two CVEs: CVE-2024-12510 for LDAP and CVE-2024-12511 for SMB/FTP. The vulnerabilities received severity scores of 6.7/10 (medium) and 7.6/10 (high) respectively, and affect firmware versions 57.69.91 and earlier.
"This pass-back style attack takes advantage of a vulnerability which allows a malicious actor to modify the MFP's configuration and cause the MFP device to authenticate to the malicious actor," the researchers said. "This style of attack can be used to capture authentication data."
Capturing login credentials
Technical details can be found in the blog post here, but the key point is that if a threat actor has access to a printer's administration settings, and LDAP is used for authentication, they can change the configured LDAP server to one they control and capture the login credentials the printer sends.
They can also redirect the printer's scan-to-SMB or scan-to-FTP functionality to steal SMB or FTP credentials, potentially compromising Windows Active Directory and other critical systems.
"In order for this attack to succeed, the attacker requires an SMB or FTP scan function to be configured in the user's address book, as well as physical access to the printer console or access to the remote control console via the web interface," the researchers stressed.
"This may require administrative access unless user-level access to the remote control console has been enabled."
Following the disclosure, Xerox issued service pack 57.75.53, which resolves the problem for the VersaLink C7020, 7025 and 7030 printers.
Those who are unable to apply the fixes are advised to set stronger passwords for their administration accounts, to refrain from using Windows authentication accounts with high privileges, and to disable the remote control console for unauthenticated users.
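The checks above can be turned into a fleet audit: the added example below (not code from the article or from Rapid7) flags printers whose firmware predates the 57.75.53 fix, whose LDAP server is not the organisation's directory, whose address book holds SMB/FTP scan destinations outside approved networks, or whose remote console is open to unauthenticated users. The configuration layout, the approved server and networks, and the sample printer are assumptions constructed for the example.

```python
import ipaddress

# Fixed service pack named in the article; firmware 57.69.91 and earlier is affected.
FIXED_FIRMWARE = "57.75.53"
# Assumed organisational values: the real directory server and the networks that
# legitimately host scan-to-SMB/FTP shares. Replace with your own inventory.
APPROVED_LDAP_SERVERS = {"ldap.corp.example"}
APPROVED_SCAN_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample of a printer configuration export (hypothetical layout, not Xerox's format).
SAMPLE_CONFIG = {
    "hostname": "mfp-floor3",
    "firmware": "57.69.91",
    "ldap_server": "203.0.113.45",          # not the approved directory server
    "remote_console_unauthenticated": True,
    "address_book": [
        {"name": "Finance scans", "proto": "smb", "host": "10.20.4.10"},
        {"name": "Archive", "proto": "ftp", "host": "198.51.100.7"},
        {"name": "Bob", "proto": "email", "host": "mail.corp.example"},
    ],
}

def version_tuple(v):
    """Turn '57.69.91' into (57, 69, 91) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def host_is_approved(host):
    """A scan destination is approved only if it is an IP inside an approved network."""
    try:
        return any(ipaddress.ip_address(host) in net for net in APPROVED_SCAN_NETWORKS)
    except ValueError:
        return False  # hostnames are not allow-listed in this example; treat as unapproved

def audit_printer(cfg):
    """Return a list of findings describing pass-back exposure for one printer config."""
    findings = []
    if version_tuple(cfg["firmware"]) < version_tuple(FIXED_FIRMWARE):
        findings.append(f"firmware {cfg['firmware']} is older than fix {FIXED_FIRMWARE}")
    ldap = cfg.get("ldap_server")
    if ldap and ldap not in APPROVED_LDAP_SERVERS:
        findings.append(f"LDAP server {ldap} is not an approved directory server")
    for entry in cfg.get("address_book", []):
        if entry["proto"] in ("smb", "ftp") and not host_is_approved(entry["host"]):
            findings.append(f"{entry['proto'].upper()} destination '{entry['name']}' points to {entry['host']}")
    if cfg.get("remote_console_unauthenticated"):
        findings.append("remote control console allows unauthenticated users")
    return findings

if __name__ == "__main__":
    for finding in audit_printer(SAMPLE_CONFIG):
        print(f"[{SAMPLE_CONFIG['hostname']}] {finding}")
```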