Security Vulnerabilities Found in Xerox Versalink Multifunction Printers

Recent findings have revealed critical security vulnerabilities in Xerox's Versalink multifunction printers, potentially allowing attackers to access sensitive login credentials. These vulnerabilities are part of the Phaser, Versalink, and WorkCentre series, posing significant risks to network security.

Security experts from Rapid7 have identified these flaws in a detailed report. They indicate that the printers are susceptible to so-called Pass-Back attacks, where hackers can intercept login information by manipulating device settings. A major factor contributing to this vulnerability is the common practice of leaving default passwords unchanged, which makes it easier for attackers to exploit these devices.

Two specific vulnerabilities have been documented: the first allows unauthorized access to the printer's address book, enabling attackers to alter SMB and FTP settings, redirect scanned document outputs, and extract login credentials (CVE-2024-12511, CVSS rating of 7.6, categorized as high risk). This attack requires the scanning function to be enabled and access to the printer from the intranet.

The second vulnerability lets attackers leverage access to LDAP settings, redirecting authentication to another server. This scenario permits the extraction of login credentials provided that the attacker has administrative access and an active LDAP setup (CVE-2024-12510, CVSS rating of 6.7, categorized as medium risk).

In response to these findings, Xerox has issued a security advisory along with updated firmware for the affected models. The vulnerable models include the Xerox Phaser 6510, VersaLink B400/C400/B405/C405, B600/B610, B605/B615, C500/C505/C600/C605, C7000, C7020/C7025/C7030, B7025/B7030/B7035, B7125/B7130/B7135, C7120/C7125/C7130, C8000/C9000, C8000W, and WorkCentre 6515. IT administrators are urged to promptly implement these updates and customize the default access credentials on their devices if they have not already done so.

These vulnerabilities are not isolated to Xerox products; other manufacturers' devices are also facing similar security challenges. For instance, recent reports uncovered Postscript security flaws in HP laser printers, which allow malicious actors to inject and execute harmful code.

The ongoing prevalence of such vulnerabilities underscores the necessity for organizations to maintain vigilant security practices, including regular updates and password management for all connected devices.