Xerox released security updates to resolve pass-back attack vulnerabilities in VersaLink multifunction printers.
February 17, 2025 By Ionut Arghire

Vulnerabilities in Xerox VersaLink multifunction printers could allow attackers to retrieve authentication credentials via pass-back attacks targeting LDAP and SMB/FTP services, Rapid7 discovered.
Two security defects were identified in the all-in-one enterprise color printers, namely CVE-2024-12510 and CVE-2024-12511, and Xerox released security updates to address both.
In short, in a pass-back attack, the printer is directed to authenticate against a server controlled by the attacker, who then captures the authentication data sent by the device.
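
A detection check for the pass-back pattern described above, added here as an example and not code from Xerox, Rapid7 or this article: it flags network flows in which a printer connects to an LDAP, SMB or FTP server that is not on an approved list. The flow record format, IP addresses, printer inventory and allowlist are all constructed assumptions.

```python
import csv
import ipaddress

# Ports for the services the article names: LDAP and SMB/FTP.
SERVICE_PORTS = {389: "ldap", 636: "ldap", 445: "smb", 139: "smb", 21: "ftp"}

# Constructed inventory and allowlist (assumptions, not from the article).
PRINTERS = {"10.20.0.15", "10.20.0.16"}
APPROVED = {
    "ldap": {"10.1.1.10"},
    "smb": {"10.1.2.20"},
    "ftp": set(),  # scan-to-FTP is not used in this sample environment
}

# Constructed flow records: time, src_ip, dst_ip, dst_port
SAMPLE_FLOWS = """\
2025-02-17T09:00:01Z,10.20.0.15,10.1.1.10,389
2025-02-17T09:03:12Z,10.20.0.15,10.1.2.20,445
2025-02-17T09:07:45Z,10.20.0.16,10.50.9.77,389
2025-02-17T09:08:02Z,10.20.0.16,10.50.9.77,445
2025-02-17T09:09:30Z,10.30.4.4,10.50.9.77,389
2025-02-17T09:10:00Z,10.20.0.15,10.1.1.10,631
truncated,row
"""


def find_unapproved_auth_flows(flow_text, printers=PRINTERS, approved=APPROVED):
    """Return flows where a printer reaches an unapproved LDAP/SMB/FTP server."""
    findings = []
    for row in csv.reader(flow_text.splitlines()):
        if len(row) != 4:
            continue  # skip malformed records
        ts, src, dst, port = (field.strip() for field in row)
        try:
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            service = SERVICE_PORTS.get(int(port))
        except ValueError:
            continue  # unparseable address or port
        if src not in printers or service is None:
            continue  # not a printer, or not a credential-bearing service
        if dst not in approved.get(service, set()):
            findings.append({"time": ts, "printer": src, "server": dst, "service": service})
    return findings


if __name__ == "__main__":
    for f in find_unapproved_auth_flows(SAMPLE_FLOWS):
        print(f"{f['time']} {f['printer']} -> {f['server']} ({f['service']}): unapproved server")
```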