Xerox Printers Vulnerable to Pass-Back Attack, Threatens Sensitive Data Security

Xerox printers, particularly the VersaLink MFP (multifunction printer) models, have recently been identified as vulnerable to a serious flaw that could expose sensitive login credentials. The vulnerability, discovered by cybersecurity researchers at Rapid7, enables what is known as a “pass-back” attack, in which the device transmits its authentication data back to a malicious actor.

The discovery of this vulnerability has raised significant concerns for organizations relying on Xerox printers for their document management needs. The flaw affects firmware versions 57.69.91 and earlier, making it essential for businesses to take action to protect their devices and secure their networks.

In this article, we’ll take a deeper look at the pass-back attack vulnerability, its potential impact on businesses, and how organizations can safeguard their devices to avoid falling victim to cybercriminals.

What is the Pass-Back Attack?

The pass-back attack is a type of cyberattack that targets printers and multifunction printer (MFP) devices. The vulnerability found in Xerox VersaLink MFP printers can be exploited through two protocol paths: LDAP (Lightweight Directory Access Protocol) and SMB or FTP (Server Message Block or File Transfer Protocol). These protocols are commonly used to connect networked devices and facilitate communication between printers and other devices in an enterprise setting.

In a pass-back attack, a malicious actor exploits a weakness that lets them alter the printer’s configuration. As a result, the printer transmits authentication credentials (such as usernames and passwords) back to the attacker. These credentials could include login details for email systems, corporate networks, or cloud services. The attacker can then use this stolen information to gain unauthorized access to sensitive company data or systems.

The researchers at Rapid7 provided details about how the attack works: “This style of attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP device to send authentication credentials back to the malicious actor.”

Given that Xerox VersaLink MFP printers are commonly used by businesses for document management, printing, and scanning tasks, this vulnerability has the potential to expose a wide range of confidential information. As such, it poses a serious security threat to organizations of all sizes.

Vulnerabilities Identified: CVE-2024-12510 and CVE-2024-12511

The vulnerabilities in question have been assigned two CVE (Common Vulnerabilities and Exposures) identifiers:

• CVE-2024-12510: This vulnerability affects the LDAP protocol, which is used for directory services and authentication within many corporate environments. Affected printers may be susceptible to the pass-back attack via an insecure LDAP configuration.

• CVE-2024-12511: This vulnerability impacts the SMB/FTP protocol, which is often used for file sharing and device communication. When exploited, attackers can manipulate the printer’s configuration to send sensitive authentication information back to them.

The severity scores for these vulnerabilities are as follows:

• CVE-2024-12510 (LDAP): Severity score of 6.7/10 (Medium risk)

• CVE-2024-12511 (SMB/FTP): Severity score of 7.6/10 (High risk)

While the LDAP vulnerability has a medium severity rating, the SMB/FTP flaw is rated as high-risk, indicating a greater potential for exploitation. The SMB/FTP vulnerability is more concerning because it could allow attackers to directly access or manipulate the printer’s configuration, potentially compromising the entire network the printer is connected to.

These vulnerabilities affect firmware versions 57.69.91 and earlier, making it crucial for businesses using affected Xerox devices to take immediate action to mitigate the risk.

Potential Impact on Businesses

The pass-back attack can have severe consequences for businesses, as it directly targets authentication credentials, which are often the keys to accessing critical systems and sensitive data. If an attacker is able to capture login credentials, they can use them to:

• Access corporate networks: With stolen login credentials, cybercriminals could gain unauthorized access to internal networks, leading to the potential theft of proprietary data, intellectual property, or customer information.

• Steal personal information: The attacker could use the credentials to access personal data stored on enterprise systems or cloud platforms.

• Compromise email accounts: Stolen email login credentials could allow attackers to send phishing emails, steal additional information, or launch further attacks on unsuspecting recipients.

• Hijack cloud services: If the stolen credentials grant access to cloud-based services (such as Google Drive, Microsoft Office 365, or AWS), the attacker could modify, delete, or exfiltrate valuable data stored in the cloud.

The consequences of a successful pass-back attack can be devastating, leading to financial loss, reputational damage, and regulatory penalties in the event of a data breach. Therefore, it is essential for businesses using Xerox printers to take swift action to address the vulnerability.

How to Protect Xerox Printers from Pass-Back Attacks

To protect your organization from the pass-back attack and prevent the exposure of sensitive information, follow these steps:

1. Update Printer Firmware: The most effective way to mitigate this vulnerability is to update your printer’s firmware to the latest version. Xerox has likely released security patches that address this issue, and updating the firmware to a version beyond 57.69.91 should resolve the vulnerability.

2. Disable Unnecessary Network Protocols: If your printer does not need LDAP, SMB, or FTP for communication, consider disabling these protocols in the printer’s settings. Disabling unused features will reduce the attack surface and make it more difficult for attackers to exploit the vulnerability.

3. Use Strong Authentication: Configure printers with strong authentication methods, such as two-factor authentication (2FA), to add an additional layer of security for login credentials.

4. Restrict Network Access: Limit access to the printer to trusted users and devices only. Use network segmentation and firewalls to prevent unauthorized devices from accessing your printer.

5. Monitor Printer Logs: Regularly monitor printer logs for suspicious activity, such as failed login attempts or unauthorized configuration changes. Early detection of unusual behavior can help mitigate the impact of an attack.

6. Conduct Regular Security Audits: Perform regular security audits of all network-connected devices, including printers, to identify potential vulnerabilities and ensure that all security patches are applied.
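
As an added example (not code from Rapid7, Xerox or this article), steps 1, 4 and 5 can be combined into a small audit that lists printers still at or below firmware 57.69.91 and flags printer-initiated LDAP, SMB or FTP connections to servers outside an approved list. The inventory, the flow-log format and all addresses are constructed for illustration.

```python
import ipaddress

# Last firmware release the article lists as affected.
LAST_AFFECTED = (57, 69, 91)
# Standard ports for the protocols named in the two CVEs.
WATCHED_PORTS = {389: "LDAP", 636: "LDAPS", 445: "SMB", 139: "SMB", 21: "FTP"}

def parse_version(text):
    """Turn '57.69.91' into (57, 69, 91) so fields compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def affected_printers(inventory):
    """Return hosts whose firmware is at or below the last affected release."""
    return sorted(host for host, fw in inventory.items()
                  if parse_version(fw) <= LAST_AFFECTED)

def passback_suspects(flows, printer_ips, approved_servers):
    """Flag printer-initiated LDAP/SMB/FTP connections to unapproved hosts."""
    printers = {ipaddress.ip_address(ip) for ip in printer_ips}
    approved = {ipaddress.ip_address(ip) for ip in approved_servers}
    hits = []
    for line in flows:
        ts, src, dst, dport = line.split()
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        proto = WATCHED_PORTS.get(int(dport))
        if src in printers and proto and dst not in approved:
            hits.append((ts, str(src), str(dst), proto))
    return hits

# Constructed sample data (hypothetical hosts, versions and flow records).
INVENTORY = {
    "10.20.0.11": "57.69.91",
    "10.20.0.12": "57.70.0",
    "10.20.0.13": "57.9.100",   # older than 57.69.91 despite sorting later as text
}
APPROVED = ["10.10.0.5", "10.10.0.8"]  # directory server, scan-to-folder server
FLOWS = [
    "2025-02-18T09:00:01Z 10.20.0.11 10.10.0.5 389",
    "2025-02-18T09:14:37Z 10.20.0.11 10.30.4.77 389",
    "2025-02-18T09:15:02Z 10.20.0.12 10.10.0.8 445",
    "2025-02-18T09:20:44Z 10.20.0.13 10.30.4.77 21",
    "2025-02-18T09:21:10Z 10.30.4.77 10.10.0.5 389",
]

if __name__ == "__main__":
    print("Firmware at or below 57.69.91:", affected_printers(INVENTORY))
    for hit in passback_suspects(FLOWS, INVENTORY, APPROVED):
        print("Unapproved destination:", hit)
```

A printer that suddenly authenticates to a host that is not one of its configured directory or file servers is the network-visible sign of an altered configuration, so the approved list should mirror what each device is actually set up to use.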

Conclusion

The discovery of the pass-back attack vulnerability in Xerox VersaLink MFP printers highlights the need for businesses to be vigilant about the security of their network-connected devices. The potential for attackers to steal authentication credentials through this vulnerability poses a significant risk to the security of sensitive data and business operations.

By updating firmware, disabling unnecessary protocols, and implementing best practices for device security, businesses can protect themselves from these types of cyberattacks. Organizations that use Xerox printers should act swiftly to secure their devices and prevent unauthorized access to their systems.

As printers continue to be essential tools for everyday business operations, it is crucial to address vulnerabilities like these to safeguard both corporate and customer data from cyber threats.

