Here is a rewritten version of the content without changing its meaning, retaining the original length, and keeping proper headings and titles as required:
Recently discovered security vulnerabilities in Xerox VersaLink C7025 Multifunction printers (MFPs) could potentially allow attackers to capture authentication credentials through pass-back attacks using Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
According to Rapid7 security researcher Deral Heiland, “This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP device to send authentication credentials back to the malicious actor.” He further explained, “If a malicious actor can successfully leverage these issues, it would allow them to capture credentials for Windows Active Directory, enabling them to move laterally within an organization’s environment and compromise other critical Windows servers and file systems.”
The identified vulnerabilities, which affect firmware versions 57.69.91 and earlier, are listed below:
Successful exploitation of CVE-2024-12510 could allow authentication information to be redirected to a rogue server, potentially exposing credentials. However, this requires an attacker to gain access to the LDAP configuration page and for LDAP to be used for authentication.
CVE-2024-12511 allows a malicious actor to gain access to the user address book configuration to modify the SMB or FTP server’s IP address and make it point to a host under their control, causing SMB or FTP authentication credentials to be captured during file scan operations.
Heiland noted, “For this attack to be successful, the attacker requires an SMB or FTP scan function to be configured within the user’s address book, as well as physical access to the printer console or access to remote-control console via the web interface. This may require admin access unless user-level access to the remote-control console has been enabled.”
Following responsible disclosure on March 26, 2024, the vulnerabilities were addressed as part of Service Pack 57.75.53 released late last month for VersaLink C7020, 7025, and 7030 series printers.
If immediate patching is not an option, users are recommended to set a complex password for the admin account, avoid using Windows authentication accounts that have elevated privileges, and disable the remote-control console for unauthenticated users.
In related news, Specular founder and CEO Peyton Smith detailed an unauthenticated SQL injection vulnerability affecting a widely deployed healthcare software named HealthStream MSOW (CVE-2024-56735) that could lead to a full database compromise, allowing threat actors to access sensitive data of 23 healthcare organizations from the public internet.
The company identified 50 instances of internet-exposed MSOW instances, of which 23 are susceptible to security shortcomings.
According
Source Link
