Xerox printer vulnerabilities could let attackers steal Windows Active Directory credentials, a recent report warns. Hackers can exploit security flaws to capture authentication data using LDAP and SMB/FTP services.
How the Attack Works
Researchers discovered two major vulnerabilities in Xerox VersaLink C7025 printers. These flaws allow attackers to manipulate printer settings and redirect authentication credentials to malicious servers.
The first flaw, CVE-2024-12510, enables attackers to intercept LDAP authentication details. However, they must first gain access to the printer’s LDAP settings. The second flaw, CVE-2024-12511, lets hackers alter the user address book and redirect SMB/FTP credentials to their own systems.
Potential Risks
If exploited, these flaws can compromise Windows Active Directory accounts. Attackers could then move laterally within an organization’s network, accessing critical servers and files. To succeed, they must gain admin access or exploit weak security settings in the printer’s web interface.
Security Patches and Recommendations
These vulnerabilities affect firmware versions 57.69.91 and earlier. A new security update (Service Pack 57.75.53) was released to patch the issue. Users should update their firmware immediately to stay protected.
If updating is not an option, experts recommend setting strong admin passwords, avoiding elevated privilege accounts for authentication, and disabling remote access for unauthorized users.
How to Prevent This Attack
To reduce risk, organizations must regularly update printer firmware and limit admin access. They should also monitor network traffic for suspicious activity with Security Operations Center and disable unused authentication services. Implementing multi-factor authentication (MFA) adds another layer of security.
Additionally, businesses should restrict network access to printers, ensuring only authorized devices can connect. Using firewalls and intrusion detection systems can help block unauthorized attempts. Regular security audits can identify misconfigurations before attackers exploit them. Educating employees on cybersecurity best practices, like avoiding weak passwords and suspicious links, further strengthens defense against potential attacks.
Sleep well, we got you covered.
