About Us
Contact About Us Input Output ADA Compliance Statement Privacy Policy Satisfaction Guarantee Terms & Conditions
Solutions
Input Output Solutions WISP - Written Information Security Program
Blog Podcast
BOOK A CALL

Cybersecurity News: Credential Exposure Risk in Xerox VersaLink C7025 Printers

cybersecurity news Mar 04, 2025
Cybersecurity News: Credential Exposure Risk in Xerox VersaLink C7025 Printers

Recent security assessments have unveiled critical vulnerabilities in Xerox VersaLink C7025 Multifunction Printers (MFPs) that could jeopardize Windows Active Directory credentials. These vulnerabilities, identified as CVE-2024-12510 and CVE-2024-12511, stem from weaknesses in the printers' LDAP and SMB/FTP services, potentially allowing attackers to intercept sensitive authentication data.

 

Xerox VersaLink C7025 MFP Vulnerabilities

The Xerox VersaLink C7025 is a comprehensive enterprise printer offering functionalities such as printing, copying, scanning, faxing, and emailing. Despite its advanced features, recent analyses have highlighted security flaws that researchers say could be exploited through pass-back attacks.

  1. CVE-2024-12510: LDAP Pass-Back Vulnerability
    This vulnerability involves the Lightweight Directory Access Protocol (LDAP), commonly used for authenticating users in enterprise environments. An attacker with administrative access to the printer's web interface can reconfigure the LDAP server's IP address to point to a malicious server under their control. Subsequently, any LDAP authentication attempts made by the printer would transmit clear-text credentials to the attacker's server. This exploit requires that the printer is configured to use LDAP for authentication and that the attacker has obtained administrative access, possibly due to default or weak passwords.

  2. CVE-2024-12511: SMB/FTP Pass-Back Vulnerability
    This vulnerability targets the Server Message Block (SMB) and File Transfer Protocol (FTP) services used by the printer, particularly in its scan-to-network functionality. An attacker can modify the SMB or FTP server entries in the printer's address book to redirect file scans to a server they control. This manipulation allows the attacker to capture authentication credentials during the scanning process. For SMB, this could involve capturing NetNTLMv2 hashes, which are cryptographic representations of credentials, potentially facilitating further attacks within the network. For FTP, clear-text credentials could be intercepted. Exploiting this vulnerability requires the attacker to have access to the printer's address book configuration, which could be achieved through physical access or remote access via the web interface, depending on the printer's security settings.

Printers, Printing

 

Potential Impact on Organizations

If these vulnerabilities are exploited, malicious actors could gain unauthorized access to an organization's network by obtaining valid user credentials. This breach could lead to further internal attacks, data theft, or unauthorized system modifications. The severity of these vulnerabilities is underscored by their Common Vulnerability Scoring System (CVSS) scores: 6.7 for CVE-2024-12510 and 7.6 for CVE-2024-12511.

The exploitation of these vulnerabilities poses significant risks:​

Credential Theft: Attackers can obtain sensitive authentication credentials, including those used for Windows Active Directory, which could be leveraged by hackers to access other critical systems within the organization.​

Lateral Movement: With compromised credentials, attackers can move laterally across the company or network, potentially gaining access to confidential data, deploying malware, or disrupting operations.​

Persistence: Attackers may establish persistent access within the network, making it challenging for organizations and vendors to detect and remove the threat.​

Printed Papers, Paper Stock

 

Mitigation Measures

In response to these findings, Xerox has released firmware updates to address and rectify these security issues. Organizations utilizing Xerox VersaLink C7025 MFPs are strongly advised to:

  • Update Firmware: Ensure that all devices are running the latest firmware versions provided by Xerox. Regularly check for updates to stay protected against emerging threats.

  • Review and Secure Configurations: Audit the printer's LDAP and SMB/FTP settings to confirm they are correctly configured. Restrict access to these configurations to authorized personnel only.

  • Monitor Network Traffic: Implement network monitoring to detect unusual activities, such as unauthorized devices attempting to intercept communications.

  • Educate Staff: Provide training to IT staff and end-users about the potential risks associated with these vulnerabilities and the importance of maintaining updated security measures.

 

Conclusion

The discovery of these vulnerabilities in Xerox VersaLink C7025 MFPs serves as a critical reminder of the importance of regular security assessments and prompt software updates. By proactively addressing these issues through firmware updates and stringent configuration management, organizations can safeguard their networks against potential breaches and ensure the integrity of their authentication systems.

STAY INFORMED

Subscribe now to receive the latest expert insights on cybersecurity, compliance, and business management delivered straight to your inbox.

We hate SPAM. We will never sell your information, for any reason.

CATEGORIES

iO Circle Logo

INPUT OUTPUT

Information Security Policies, Programs, & Audits Made Easy

Input Output integrates cybersecurity and compliance seamlessly with business management and development. With expertise in security, compliance, and risk management, we empower businesses to enhance productivity and profitability. Our blog shares insights drawn from years of experience, helping companies navigate complex security challenges while fostering growth and operational excellence.