Xerox VersaLink Printers Hit by Pass-Back Vulnerabilities Enabling Lateral Movement

Recent research has identified critical vulnerabilities in Xerox’s VersaLink multifunction printers that could allow hackers to compromise authentication credentials and move laterally through an organization’s network.

Two pass-back vulnerabilities, now addressed and tracked as CVE-2024-12510 and CVE-2024-12511, have been discovered in Xerox’s VersaLink printers. These vulnerabilities can be exploited to alter IP addresses and gain access to Lightweight Directory Access Protocol (LDAP) credentials in clear text.

Threat actors with access to the configuration pages and proper LDAP settings can exploit these vulnerabilities. They can further capture NetNTLMV2 handshakes or use an SMB relay intrusion targeting Windows Active Directory, leading to potential compromise of AD credentials.

Once attackers obtain AD credentials, they can navigate within the organization’s environment, jeopardizing other critical Windows servers and file systems.

To mitigate these risks, organizations should promptly update their VersaLink printers to firmware version 57.75.53. This update directly addresses the identified vulnerabilities.

In addition to firmware updates, robust admin passwords should be implemented. Restricting Windows authentication account privileges and remote-control console access can also significantly enhance the security posture.

Printers are often overlooked in cybersecurity strategies, but they can serve as gateways for attackers. These devices frequently contain sensitive data and are tied into various network services, making them attractive targets.

By securing your printers, you reduce the risk of unauthorized access to critical data and services within your organization. This proactive approach can prevent more extensive and costly breaches.

Updating firmware is a foundational step, but it is essential to consider broader security strategies. Here are some best practices to protect your VersaLink printers:

• Change default admin passwords to strong, unique combinations.
• Limit administrative access to only authorized personnel.
• Regularly patch and update printer firmware.
• Disable unnecessary network services.
• Use secure protocols for data transfer.

The recent vulnerabilities in Xerox’s VersaLink printers highlight the need for robust security measures across all devices in an organization. By staying informed and taking proactive steps, you can safeguard your network from potential threats.

We encourage you to comment below with your thoughts on printer security or any other cybersecurity topics. Join our community to stay updated on the latest news and tips. Share this article on social media to spread awareness and help protect others.