Security vulnerabilities were disclosed in the Xerox Versalink C7025 multifunctional printers (MFPS), which could allow the attackers to record authentication accounts using the opposite attacks using the catalog access protocol (catalogs (catalogs.Ldap) and SMB/FTP services.
“This passage attack uses vulnerability that allows malicious actors to change the MFP configuration and force the MFP device to send authentication data back to the malicious actor,” Rapid7 Deral Heland security researcher – Note.
“If a malicious actor can successfully use these problems, it will allow them to seize the accounts for Windows Active Directory. This means that they can then move toward the organization and threaten other critical servers and file systems.”
Revealed vulnerabilities that affect the firmware 57.69.91 and earlier, below – below –
Successful Operation CVE-2024-12510 can allow redirecting information about authentication to the Rogue server, potentially exposing the credentials. This, however, requires the attacker to access the LDAP configuration page, and LDAP is used to authenticate.
CVE-2024-12511 also allows malicious actors to access the user’s address to change the IP address SMB or FTP server and make it guidance under their control, resulting in SMB or FTP credentials during operations File scanning.
“In order for this attack to be successful, the attacker requires the establishment of SMB or FTP scanning in the user’s address book, as well as physical access to the printer console or access to the remote control through the web interface,” Hayland said. “This may require administrator access unless the user levels are included to the remote control console.”
Following a responsible disclosure of information on March 26, 2024. The vulnerability was addressed as part of Service Package 57.75.53 Released at the end of last month for the Versalink C7020, 7025 and 7030 series printers.
If immediate correction is not an option, the users are advised to install a complex password for the administrator account, avoid using Windows authentication accounts that have increased privileges, and disable remote control for unauthorized users.
Development comes as a specialist and CEO Peyton Smith talked in detail about the unauthorized vulnerability of SQL injection, which affects the widely expanded health care software named Healthstream msow (CVE-2024-56735), which can lead to a complete compromise in the database, allowing the subject threat to access sensitive data of 23 healthcare organizations from public Internet.
The company said it determined 50 copies subjected to the Internet, of which 23 are sensitive to security deficiencies.
Vulnerability can allow “the entire database can be returned in the range, which means the attacker can get the contents of the database openly – Note.
