
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks through the Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
“This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP device to send authentication credentials back to the malicious actor,” Rapid7 security researcher Deral Heiland said.
“If a malicious actor can successfully leverage these issues, it could allow them to capture credentials for Windows Active Directory. This means they could then move laterally within an organization’s environment and compromise other critical Windows servers and file systems.”

The identified vulnerabilities, which affect firmware versions 57.69.91 and earlier, are described below –
Successful exploitation of CVE-2024-12510 could allow authentication information to be redirected to a rogue server, potentially exposing credentials. This, however, requires an attacker to gain access to the LDAP configuration page and that LDAP is used for authentication.
CVE-2024-12511, likewise, allows a malicious actor to gain access to the user address book configuration to modify the SMB or FTP server’s IP address and point it to a host under their control, causing SMB or FTP authentication credentials to be captured during file scan operations.

“For this attack to be successful, the attacker requires an SMB or FTP scan function to be configured within the user’s address book, as well as physical access to the printer console or access to the remote-control console via the web interface,” Heiland noted. “This may require admin access unless user-level access to the remote-control console has been enabled.”
Following responsible disclosure on March 26, 2024, the vulnerabilities were addressed as part of Service Pack 57.75.53 released late last month for VersaLink C7020, 7025, and 7030 series printers.

If immediate patching isn’t an option, users are advised to set a complex password for the admin account, avoid using Windows authentication accounts that have elevated privileges, and disable the remote-control console for unauthenticated users.
The development comes as Specular founder and CEO Peyton Smith detailed an unauthenticated SQL injection vulnerability affecting widely deployed healthcare software named HealthStream MSOW (CVE-2024-56735) that could lead to a full database compromise, allowing threat actors to access sensitive data of 23 healthcare organizations from the public internet.
The company said it identified 50 internet-exposed MSOW instances, of which 23 are vulnerable to the security shortcoming.
The vulnerability could allow “the entire database to be returned in-band, meaning an attacker could retrieve the plaintext database contents in an HTTP response from a crafted SQL injection HTTP payload,” Smith said.
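Because the attack works by reconfiguring the printer's LDAP, SMB or FTP destination rather than by exploiting a memory bug, a fleet audit that flags unpatched firmware and destination hosts outside the networks where the real directory and file servers live is a practical detective control. The following is an added example, not code from the article, Rapid7 or Xerox; the inventory records, the trusted network range and the field names are constructed for illustration, and only the version numbers come from the article.

```python
"""Audit an MFP inventory for the two conditions the article describes:
firmware at or below 57.69.91, and LDAP/SMB/FTP destinations that do not
sit in the networks where the legitimate servers are known to live."""
import ipaddress

AFFECTED_MAX = (57, 69, 91)   # article: versions 57.69.91 and earlier are affected
PATCHED = (57, 75, 53)        # article: Service Pack 57.75.53 contains the fix
# Assumed: the subnet hosting the real LDAP and file servers (constructed value).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24")]


def parse_version(version: str) -> tuple:
    """'57.69.91' -> (57, 69, 91) so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))


def is_affected(firmware: str) -> bool:
    return parse_version(firmware) <= AFFECTED_MAX


def host_is_trusted(host: str) -> bool:
    """Only literal IPs inside TRUSTED_NETS pass; anything else is reviewed."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # hostnames cannot be resolved offline; flag for review
    return any(ip in net for net in TRUSTED_NETS)


def audit(inventory: list) -> list:
    """Return one finding string per problem; an empty list means clean."""
    findings = []
    for device in inventory:
        name, firmware = device["name"], device["firmware"]
        if is_affected(firmware):
            findings.append(f"{name}: firmware {firmware} <= 57.69.91, apply 57.75.53")
        for service in ("ldap", "smb", "ftp"):
            host = device.get(service)
            if host and not host_is_trusted(host):
                findings.append(f"{name}: {service} destination {host} outside trusted networks")
    return findings


# Constructed sample inventory; these are not real devices or addresses.
SAMPLE_INVENTORY = [
    {"name": "mfp-lobby", "firmware": "57.69.91", "ldap": "10.0.0.5", "smb": "10.0.0.20"},
    {"name": "mfp-hr", "firmware": "57.75.53", "ldap": "10.0.0.5", "smb": "192.0.2.77"},
    {"name": "mfp-finance", "firmware": "57.75.53", "ldap": "10.0.0.5", "ftp": "10.0.0.21"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding)
```

A hostname rather than an IP in any destination field is reported as untrusted on purpose, since the check runs offline and cannot confirm where it resolves.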