Xerox Versalink: Multifunction printers reveal access data
Vulnerabilities have been discovered in Xerox Versalink multifunction printers that could allow attackers to steal access data.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
IT security researchers have discovered security vulnerabilities in Xerox multifunction printers from the Phaser, Versalink and WorkCentre series. Attackers can use them to spy out and access access data and infiltrate the network, for example.
The vulnerabilities were discovered by employees of the IT security company Rapid7, as they explain in a blog post. According to them, the printers are susceptible to so-called pass-back attacks, in which attackers can access the log-in data of vulnerable printers after manipulating the settings on the device. This often succeeds because the default passwords in the printers are usually not changed, write the authors of the explanation of such an attack.
Xerox: Two security gaps reveal access data
With access to the address book, attackers can change SMB and FTP settings, redirect the output of scanned documents and obtain access data, according to the vulnerability description (CVE-2024-12511, CVSS 7.6, risk"high"). To do this, the scan function must be activated and printer access must be possible from the intranet, for example. The second vulnerability can be abused by attackers by accessing the LDAP settings, according to the description, and redirecting authentication to another server. This allows them to obtain access data, provided they have admin access and an active LDAP setup (CVE-2024-12510, CVSS 6.7, medium).
Videos by heise
Rapid7 explains the vulnerabilities found in detail. Xerox has responded with its own security announcement, citing updated system software for the affected devices. Vulnerable devices include Xerox Phaser 6510, VersaLink B400/C400/B405/C405, B600/B610, B605/B615, C500/C505/C600/C605, C7000, C7020/C7025/C7030, B7025/B7030/B7035, B7125/B7130/B7135, C7120/C7125/C7130, C8000/C9000, C8000W and WorkCentre 6515. The authors have linked the individual firmware updates in the table in the Xerox document. IT managers should carry out the update quickly and be sure to replace the standard access data of the devices with individual access data if this has not already been done.
It is not only Xerox printers that have to contend with security vulnerabilities; administrators have also recently had to protect devices from other manufacturers against attacks with updates. On Monday of this week, for example, postscript security vulnerabilities were discovered in HP laser printers, allowing attackers to smuggle in and execute malicious code.
(dmk)
