Safety vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that would permit attackers to seize authentication credentials by way of pass-back assaults by way of Light-weight Listing Entry Protocol (LDAP) and SMB/FTP providers.
“This pass-back model assault leverages a vulnerability that permits a malicious actor to change the MFP’s configuration and trigger the MFP machine to ship authentication credentials again to the malicious actor,” Rapid7 safety researcher Deral Heiland said.
“If a malicious actor can efficiently leverage these points, it will permit them to seize credentials for Home windows Energetic Listing. This implies they might then transfer laterally inside a corporation’s setting and compromise different essential Home windows servers and file techniques.”
The recognized vulnerabilities, which have an effect on firmware variations 57.69.91 and earlier, are listed under –
Profitable exploitation of CVE-2024-12510 may permit authentication data to be redirected to a rogue server, probably exposing credentials. This, nonetheless, requires an attacker to realize entry to the LDAP configuration web page and that LDAP is used for authentication.
CVE-2024-12511, likewise, permits a malicious actor to realize entry to the consumer deal with e-book configuration to change the SMB or FTP server’s IP deal with and make it level to a bunch below their management, inflicting SMB or FTP authentication credentials to be captured throughout file scan operations.
“For this assault to achieve success, the attacker requires an SMB or FTP scan perform to be configured throughout the consumer’s deal with e-book, in addition to bodily entry to the printer console or entry to remote-control console by way of the net interface,” Heiland famous. “This may occasionally require admin entry until consumer degree entry to the remote-control console has been enabled.”
Following accountable disclosure on March 26, 2024, the vulnerabilities have been addressed as a part of Service Pack 57.75.53 launched late final month for VersaLink C7020, 7025, and 7030 sequence printers.
If rapid patching shouldn’t be an choice, customers are advisable to set a posh password for the admin account, keep away from utilizing Home windows authentication accounts which have elevated privileges, and disable the remote-control console for unauthenticated customers.
The event comes as Specular founder and CEO Peyton Smith detailed an unauthenticated SQL injection vulnerability affecting a extensively deployed healthcare software program named HealthStream MSOW (CVE-2024-56735) that would result in a full database compromise, permitting menace actors to entry delicate information of 23 healthcare organizations from the general public web.
The corporate mentioned it recognized 50 situations of internet-exposed MSOW situations, of which 23 are prone to safety shortcomings.
The vulnerability may permit “your complete database could possibly be returned in-band, which means an attacker may retrieve the plaintext database contents in a HTTP response from a crafted SQL injection HTTP payload,” Smith said.
Source link