CVE-2024-12511
📋 TL;DR
This vulnerability allows attackers with address book access to modify SMB/FTP settings on affected Xerox printers, potentially redirecting scans and capturing credentials. It requires enabled scan functions and printer access. Affects Xerox VersaLink, Phaser, and WorkCentre multifunction printers.
💻 Affected Systems
- Xerox VersaLink
- Xerox Phaser
- Xerox WorkCentre
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers capture administrative credentials, gain persistent access to network resources, and potentially move laterally within the network.
Likely Case
Unauthorized modification of scan destinations leading to data exfiltration or credential harvesting from scan jobs.
If Mitigated
Limited to authorized users with address book access, reducing exposure to internal threats only.
🎯 Exploit Status
Requires authenticated access to address book functionality and knowledge of printer configuration
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates as specified in Xerox Security Bulletin XRX25-003
Restart Required: No
Instructions:
1. Download latest firmware from Xerox support portal.
2. Upload firmware to printer via web interface.
3. Apply update through printer maintenance menu.
🔧 Temporary Workarounds
Disable address book access
Restrict or disable address book functionality for non-administrative users
Disable scan-to-network functions
Turn off SMB/FTP scan capabilities if not required
🧯 If You Can't Patch
- Implement network segmentation to isolate printers from sensitive systems
- Enable detailed logging of printer configuration changes and scan activities
🔍 How to Verify
Check if Vulnerable:
Check printer firmware version against patched versions in Xerox bulletin
Check Version:
Check via printer web interface: Settings > Device Information > Firmware Version
Verify Fix Applied:
Verify firmware version matches or exceeds patched version in security bulletin
📡 Detection & Monitoring
Log Indicators:
- Unexpected SMB/FTP configuration changes
- Scan jobs sent to unfamiliar destinations
- Multiple failed authentication attempts to printer
Network Indicators:
- Unusual SMB/FTP traffic from printers
- Scan data sent to unexpected IP addresses
SIEM Query:
source="printer_logs" AND (event="configuration_change" OR event="scan_completed") AND dest_ip NOT IN [approved_destinations]
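The log indicators above, written as a small detection routine. This is an added example, not part of the original entry or any Xerox tooling. The JSON field names, the allowlist, the failed-login threshold and the sample events are constructed assumptions, since the page does not give a log schema.

```python
import ipaddress
import json
from collections import Counter

# Assumed allowlist of scan destinations (constructed values).
APPROVED_DESTINATIONS = [ipaddress.ip_network("10.20.0.0/24"),
                         ipaddress.ip_network("10.30.5.10/32")]
FAILED_AUTH_THRESHOLD = 3  # assumed per-printer threshold

# Constructed sample events; field names are hypothetical, not a Xerox log schema.
SAMPLE_LOGS = """
{"printer": "mfp-01", "event": "scan_completed", "protocol": "smb", "dest_ip": "10.20.0.15"}
{"printer": "mfp-01", "event": "configuration_change", "protocol": "smb", "dest_ip": "192.0.2.77"}
{"printer": "mfp-01", "event": "scan_completed", "protocol": "smb", "dest_ip": "192.0.2.77"}
{"printer": "mfp-02", "event": "auth_failed"}
{"printer": "mfp-02", "event": "auth_failed"}
{"printer": "mfp-02", "event": "auth_failed"}
{"printer": "mfp-03", "event": "configuration_change", "protocol": "ftp", "dest_ip": "not-an-ip"}
"""

def is_approved(dest):
    """True only if dest parses as an IP inside an approved network."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        return False  # hostnames or malformed values are treated as unapproved
    return any(addr in net for net in APPROVED_DESTINATIONS)

def detect(log_text):
    """Return (printer, reason, detail) alerts for the page's log indicators."""
    alerts, failed = [], Counter()
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        event, printer = rec.get("event"), rec.get("printer")
        if event in ("configuration_change", "scan_completed"):
            dest = rec.get("dest_ip", "")
            # Only SMB/FTP destinations are relevant to this CVE.
            if rec.get("protocol") in ("smb", "ftp") and not is_approved(dest):
                alerts.append((printer, f"unapproved_{event}", dest))
        elif event == "auth_failed":
            failed[printer] += 1
            if failed[printer] == FAILED_AUTH_THRESHOLD:  # alert once per printer
                alerts.append((printer, "repeated_auth_failure", str(failed[printer])))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

A configuration change followed by a scan to the same unapproved address, as in the `mfp-01` events, is the sequence worth correlating first.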