PT-2025-1874 · Xerox · Xerox VersaLink Printers

Published: 2025-01-28 · Updated: 2026-02-18 · CVE-2024-12510

CVSS v2.0: 8.7 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions

Xerox VersaLink Printers (affected versions not specified)
Xerox VersaLink C7025 MFPs (affected versions not specified)

Description

The issue allows authentication to be redirected to another server when accessing LDAP settings, potentially exposing credentials. This requires admin access and an active LDAP setup. The vulnerability could enable attackers to capture Windows Active Directory credentials through pass-back attacks via LDAP and SMB/FTP services.

Recommendations

For Xerox VersaLink Printers, restrict access to the LDAP settings to minimize the risk of exploitation. For Xerox VersaLink C7025 MFPs, consider disabling the LDAP service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2025-02678
CVE-2024-12510

Affected Products

Windows Active Directory
Xerox VersaLink C7025 MFPs
Xerox VersaLink Printers