Hackers Breach Corporate Passwords via Xerox Printer

Researchers Discover Vulnerabilities in Xerox VersaLink C7025 Printers

Researchers from Rapid7 recently uncovered two vulnerabilities in Xerox VersaLink C7025 multifunction printers. These vulnerabilities, present in devices with firmware version 57.69.91 and earlier, allow attackers to intercept accounting data using Pass-Back attacks.

The first vulnerability (CVE-2024-12510, CVSS 6.7) enables attackers to manipulate the printer’s configuration, redirecting user accounting data to a server under their control.

LDAP, an essential protocol for managing identity and access control, works as a directory service, much like a telephone directory. Users or applications can request specific data, such as access rights, from an LDAP server, which looks up and returns the requested information.
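
A defensive check for the redirection described above, as an added example that is not from Rapid7, Xerox or the original article: it scans flow records for printers that open LDAP connections to anything other than the approved directory servers. The addresses, printer subnet, log format and function name are assumptions made for illustration, and the flow records are constructed.

```python
import csv
import io
import ipaddress

# Assumed environment, for illustration only.
APPROVED_LDAP_SERVERS = {ipaddress.ip_address("10.0.5.10"),
                         ipaddress.ip_address("10.0.5.11")}
PRINTER_NET = ipaddress.ip_network("10.0.20.0/24")
# LDAP and Global Catalog ports; True marks ports where TLS is not implicit.
LDAP_PORTS = {389: True, 636: False, 3268: True, 3269: False}

# Constructed flow records: timestamp, src, dst, dst_port, action.
SAMPLE_FLOWS = """\
2025-02-18T09:14:02Z,10.0.20.31,10.0.5.10,389,allow
2025-02-18T09:14:05Z,10.0.20.31,10.0.5.10,445,allow
2025-02-18T11:02:40Z,10.0.20.31,10.0.40.77,389,allow
2025-02-18T11:03:10Z,10.0.30.8,10.0.40.77,389,allow
2025-02-18T11:20:19Z,10.0.20.44,203.0.113.9,636,deny
2025-02-18T11:25:00Z,10.0.20.31,10.0.5.11,636,allow
"""

def find_passback_candidates(flow_csv):
    """Return printer-initiated LDAP flows to non-approved destinations."""
    findings = []
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, port, action = row
        src_ip, dst_ip, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        if src_ip not in PRINTER_NET or port not in LDAP_PORTS:
            continue  # not a printer, or not a directory lookup
        if dst_ip in APPROVED_LDAP_SERVERS:
            continue  # expected traffic to the real directory
        findings.append({
            "time": ts,
            "printer": src,
            "destination": dst,
            "port": port,
            # An allowed flow means the bind may have reached the other host;
            # a denied one still shows the printer points at an unapproved server.
            "reached_destination": action == "allow",
            "cleartext_possible": LDAP_PORTS[port],
        })
    return findings

if __name__ == "__main__":
    for finding in find_passback_candidates(SAMPLE_FLOWS):
        print(finding)
```

Any finding is a reason to review the printer's LDAP server setting and to rotate the service account it binds with.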

This discovery highlights the importance of network security and the need to address vulnerabilities promptly to protect sensitive data.
