SecurityWeek reports that Xerox's VersaLink multifunction printers are impacted by the now-addressed pair of pass-back vulnerabilities, tracked as CVE-2024-12510 and CVE-2024-12511, which could be leveraged to facilitate the compromise of authentication credentials.
Threat actors with configuration page access to VersaLink printers with proper Lightweight Directory Access Protocol settings could enable IP address alterations and clear-text LDAP service credential compromise, according to Rapid7 researchers. Moreover, user address book configuration access would allow NetNTLMV2 handshake capturing or further exploitation of the security flaw in a Windows Active Directory-targeted SMB relay intrusion that could result in the compromise of AD credentials. "This means they could then move laterally within an organization's environment and compromise other critical Windows servers and file systems," said researchers. Organizations with vulnerable VersaLink printers have been urged to not only immediately update to firmware version 57.75.53 but also implement more robust admin passwords while restricting Windows authentication account privileges and remote-control console access.
