Vulnerability-Lookup

BDU:2025-02695

Vulnerability from fstec - Published: 28.01.2025

Title

Уязвимость реализации протоколов SMB и FTP микропрограммного обеспечения принтеров Versalink и WorkCentre, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Description

Уязвимость реализации протоколов SMB и FTP микропрограммного обеспечения принтеров Versalink и WorkCentre связана с недостатками разграничения доступа к адресной книге при сканировании. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к защищаемой информации

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Vendor

Xerox Corporation

Software Name

VersaLink B405, VersaLink C400, VersaLink C405, VersaLink B600, VersaLink B610, VersaLink C500, VersaLink C600, VersaLink C505, VersaLink C605, VersaLink C7000, VersaLink C7020, VersaLink C7025, VersaLink C7030, VersaLink B7025, VersaLink B7030, VersaLink B7035, VersaLink C7120, VersaLink C7125, VersaLink C7130, VersaLink C8000, VersaLink C9000, VersaLink C8000W, Phaser 6510, WorkCentre 6515, VersaLink B400, VersaLink B605, VersaLink B615, VersaLink B7125, VersaLink B7130, VersaLink B7135

Software Version

до 38.82.53 (VersaLink B405), до 67.82.53 (VersaLink C400), до 68.82.53 (VersaLink C405), до 32.82.53 (VersaLink B600), до 32.82.53 (VersaLink B610), до 61.82.53 (VersaLink C500), до 61.82.53 (VersaLink C600), до 62.82.53 (VersaLink C505), до 62.82.53 (VersaLink C605), до 56.75.53 (VersaLink C7000), до 57.75.53 (VersaLink C7020), до 57.75.53 (VersaLink C7025), до 57.75.53 (VersaLink C7030), до 58.75.53 (VersaLink B7025), до 58.75.53 (VersaLink B7030), до 58.75.53 (VersaLink B7035), до 69.24.53 (VersaLink C7120), до 69.24.53 (VersaLink C7125), до 69.24.53 (VersaLink C7130), до 70.75.53 (VersaLink C8000), до 70.75.53 (VersaLink C9000), до 72.75.53 (VersaLink C8000W), до 64.75.53 (Phaser 6510), до 65.75.53 (WorkCentre 6515), до 37.82.53 (VersaLink B400), до 32.82.53 (VersaLink B605), до 32.82.53 (VersaLink B615), до 59.75.53 (VersaLink B7125), до 59.75.53 (VersaLink B7130), до 59.75.53 (VersaLink B7135)

Possible Mitigations

Использование рекомендаций: https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox-VersaLinkPhaser-and-WorkCentre.pdf

Reference

https://asec.ahnlab.com/en/86393/ https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox-VersaLinkPhaser-and-WorkCentre.pdf

CWE

CWE-269

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Xerox Corporation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 38.82.53 (VersaLink B405), \u0434\u043e 67.82.53 (VersaLink C400), \u0434\u043e 68.82.53 (VersaLink C405), \u0434\u043e 32.82.53 (VersaLink B600), \u0434\u043e 32.82.53 (VersaLink B610), \u0434\u043e 61.82.53 (VersaLink C500), \u0434\u043e 61.82.53 (VersaLink C600), \u0434\u043e 62.82.53 (VersaLink C505), \u0434\u043e 62.82.53 (VersaLink C605), \u0434\u043e 56.75.53 (VersaLink C7000), \u0434\u043e 57.75.53 (VersaLink C7020), \u0434\u043e 57.75.53 (VersaLink C7025), \u0434\u043e 57.75.53 (VersaLink C7030), \u0434\u043e 58.75.53 (VersaLink B7025), \u0434\u043e 58.75.53 (VersaLink B7030), \u0434\u043e 58.75.53 (VersaLink B7035), \u0434\u043e 69.24.53 (VersaLink C7120), \u0434\u043e 69.24.53 (VersaLink C7125), \u0434\u043e 69.24.53 (VersaLink C7130), \u0434\u043e 70.75.53 (VersaLink C8000), \u0434\u043e 70.75.53 (VersaLink C9000), \u0434\u043e 72.75.53 (VersaLink C8000W), \u0434\u043e 64.75.53 (Phaser 6510), \u0434\u043e 65.75.53 (WorkCentre 6515), \u0434\u043e 37.82.53 (VersaLink B400), \u0434\u043e 32.82.53 (VersaLink B605), \u0434\u043e 32.82.53 (VersaLink B615), \u0434\u043e 59.75.53 (VersaLink B7125), \u0434\u043e 59.75.53 (VersaLink B7130), \u0434\u043e 59.75.53 (VersaLink B7135)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox-VersaLinkPhaser-and-WorkCentre.pdf",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.01.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.03.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02695",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-12511",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "VersaLink B405, VersaLink C400, VersaLink C405, VersaLink B600, VersaLink B610, VersaLink C500, VersaLink C600, VersaLink C505, VersaLink C605, VersaLink C7000, VersaLink C7020, VersaLink C7025, VersaLink C7030, VersaLink B7025, VersaLink B7030, VersaLink B7035, VersaLink C7120, VersaLink C7125, VersaLink C7130, VersaLink C8000, VersaLink C9000, VersaLink C8000W, Phaser 6510, WorkCentre 6515, VersaLink B400, VersaLink B605, VersaLink B615, VersaLink B7125, VersaLink B7130, VersaLink B7135",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 SMB \u0438 FTP \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 Versalink \u0438 WorkCentre, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 (CWE-269)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u0432 SMB \u0438 FTP \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u043d\u0442\u0435\u0440\u043e\u0432 Versalink \u0438 WorkCentre \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0430\u0434\u0440\u0435\u0441\u043d\u043e\u0439 \u043a\u043d\u0438\u0433\u0435 \u043f\u0440\u0438 \u0441\u043a\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://asec.ahnlab.com/en/86393/\nhttps://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox-VersaLinkPhaser-and-WorkCentre.pdf",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-269",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)"
}

CVE-2024-12511 (GCVE-0-2024-12511)

Vulnerability from cvelistv5 – Published: 2025-02-03 19:23 – Updated: 2025-09-17 11:09

Title

SMB/FTP Address Book Scan Pass-back attack

Summary

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

Severity ?

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CWE

CWE-306 - Missing Authentication for Critical Function
CWE-522 - Insufficiently Protected Credentials

Assigner

Xerox

References

URL

Tags

https://securitydocs.business.xerox.com/wp-conten…

Impacted products

Vendor

Product

Version

Xerox

Versalink B400

Affected: 0 , < 37.82.53 (custom)

Xerox	Versalink B405	Affected: 0 , < 38.82.53 (custom)
Xerox	Versalink C400	Affected: 0 , < 67.82.53 (custom)
Xerox	Versalink C405	Affected: 0 , < 68.82.53 (custom)
Xerox	Versalink B600/B610	Affected: 0 , < 32.82.53 (custom)
Xerox	Versalink B605/B615	Affected: 0 , < 33.82.53 (custom)
Xerox	Versalink C500/C600	Affected: 0 , < 61.82.53 (custom)
Xerox	Versalink C505/C605	Affected: 0 , < 62.82.53 (custom)
Xerox	Versalink C7000	Affected: 0 , < 56.75.53 (custom)
Xerox	Versalink C7020/C7025/C7030	Affected: 0 , < 57.75.53 (custom)
Xerox	Versalink B7025/B7030/B7035	Affected: 0 , < 58.75.53 (custom)
Xerox	Versalink B7125/B7130/B7135	Affected: 0 , < 59.24.53 (custom)
Xerox	Versalink C7120/C7125/C7130	Affected: 0 , < 69.24.53 (custom)
Xerox	Versalink C8000/C9000	Affected: 0 , < 70.75.53 (custom)
Xerox	Versalink C8000W	Affected: 0 , < 72.75.53 (custom)
Xerox	Phaser 6510	Affected: 0 , < 64.75.53 (custom)
Xerox	WorkCentre 6515	Affected: 0 , < 65.75.53 (custom)

Date Public ?

2025-02-03 18:44

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-03T20:18:28.894076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-03T20:18:36.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink B400",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "37.82.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink B405",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "38.82.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C400",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "67.82.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C405",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "68.82.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink B600/B610",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "32.82.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink B605/B615",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "33.82.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C500/C600",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "61.82.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C505/C605",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "62.82.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C7000",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "56.75.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C7020/C7025/C7030",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "57.75.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink B7025/B7030/B7035",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "58.75.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink B7125/B7130/B7135",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "59.24.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C7120/C7125/C7130",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "69.24.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C8000/C9000",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "70.75.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Versalink C8000W",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "72.75.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "Phaser 6510",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "64.75.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "platforms": [
            "Windows"
          ],
          "product": "WorkCentre 6515",
          "vendor": "Xerox",
          "versions": [
            {
              "lessThan": "65.75.53",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2025-02-03T18:44:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access."
            }
          ],
          "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-593",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-593: Session Hijacking"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-522",
              "description": "CWE-522 Insufficiently Protected Credentials",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-17T11:09:16.202Z",
        "orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
        "shortName": "Xerox"
      },
      "references": [
        {
          "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "SMB/FTP Address Book Scan Pass-back attack",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
    "assignerShortName": "Xerox",
    "cveId": "CVE-2024-12511",
    "datePublished": "2025-02-03T19:23:52.125Z",
    "dateReserved": "2024-12-11T13:24:57.952Z",
    "dateUpdated": "2025-09-17T11:09:16.202Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-02695

CVE-2024-12511 (GCVE-0-2024-12511)

Tags

Sightings

Nomenclature