CVE-2024-12510

Published Feb 3, 2025

Last updated 17 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-12510 describes a vulnerability where, if Lightweight Directory Access Protocol (LDAP) settings are accessed by an attacker, authentication could be redirected to a server controlled by the attacker. This redirection could potentially expose user credentials, allowing the attacker to intercept and compromise them. This vulnerability requires the attacker to have administrative access to the LDAP settings. Successful exploitation could lead to unauthorized access to systems and data, possibly enabling further compromise of the network. As of February 18, 2025, there is no evidence of a public exploit or known instances of this vulnerability being exploited.

Description: If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.
Source: 10b61619-3869-496c-8a1e-f291b0e71e3f
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.7
Impact score: 5.5
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Severity: MEDIUM

Weaknesses

10b61619-3869-496c-8a1e-f291b0e71e3f: CWE-287

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

  1. Vulnerabilities in Xerox Versalink C7025 printers (CVE-2024-12510 and CVE-2024-12511) allow attackers to intercept LDAP and SMB credentials, compromising enterprise security. Apply patches now. https://t.co/ZHBlHETxXv

    @Teemu_Tiainen

    20 Feb 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨🔥🔓 CVE-2024-12510 & CVE-2024-12511: LDAP & SMB Authentication Bypass in Xerox Printers, Exposing Active Directory Credentials https://t.co/qg8ot1GZxQ

    @tpx_Security

    19 Feb 2025

    71 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  3. #Threat_Research Xerox Versalink MFPs Pass-back attack via LDAP (CVE-2024-12510) and SMB/FTP (CVE-2024-12511) https://t.co/PNbWaLLJDQ ]-> Anatomy of a Pass-Back-Attack - https://t.co/vxSKVfBVuE ]-> Attacking Xerox’s Multifunction Printers Patch Process - https://t.co/DwhzoC

    @ksg93rd

    19 Feb 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Xerox VersaLink C7025 printers have vulnerabilities (CVE-2024-12510 & CVE-2024-12511) allowing attackers to access Windows AD. Patches are available. Strengthen security measures! 🖨️🔐 #XeroxPrinters #WindowsAD #USA link: https://t.co/y17bIKhcjy https://t.co/bMSodFMDfp

    @TweetThreatNews

    18 Feb 2025

    23 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 During security testing, Rapid7 researchers discovered that #Xerox Versalink C7025 Multifunction printers were vulnerable to pass-back attacks. 🔎 Our blog on CVE-2024-12510 & CVE-2024-12511: https://t.co/NdQEQycFTk Or, read on via @TheHackersNews: https://t.co/piksEvmG

    @rapid7

    18 Feb 2025

    296 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. The Rapid7 security group, who are also the creators of the Metasploit scanner, have discovered two vulnerabilities in Xerox's C7025 model printers, one in the LDAP service with identifier CVE-2024-12510 and one in the SMB service with identifier CVE-2024-12511, which lead to the disclosure of important information. https://t.co/Poz3aKY03t https://t.co/P0WTu

    @AmirHossein_sec

    18 Feb 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Security vulnerabilities in Xerox VersaLink printers could allow attackers to steal authentication credentials via pass-back attacks, exposing critical systems. CVE-2024-12510 and CVE-2024-12511 impact LDAP and SMB/FTP services and could lead to compromised Windows Active… ht

    @TheHackersNews

    18 Feb 2025

    47618 Impressions

    43 Retweets

    120 Likes

    25 Bookmarks

    5 Replies

    2 Quotes

  8. 🛡️ Xerox Printers Vulnerability Allows Capture Authentication Data From LDAP & SMB Read more: https://t.co/xRH8l7CTCq 📌 LDAP Pass-Back Exploitation (CVE-2024-12510) 📌 SMB/FTP Credential Interception (CVE-2024-12511) #cybersecurity

    @gbhackers_news

    17 Feb 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

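  9. [AD environments] Vulnerabilities usable for lateral movement in Xerox's VersaLink multifunction printers. CVE-2024-12510 and CVE-2024-12511 are vulnerabilities that, by making the printer authenticate to an attacker-controlled server, allow extraction of the NetNTLMV2 handshake over SMB and plaintext credentials over FTP. Fixed. https://t.co/a3ZJn2Bm0I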

    @__kokumoto

    17 Feb 2025

    1237 Impressions

    8 Retweets

    14 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  10. ⚠️ Vulnerability Alert: Xerox Versalink C7025 Multifunction Printer Pass-Back Attack Vulnerabilities 🆔cveId: CVE-2024-12510, CVE-2024-12511 📂affectedVersions: - Xerox Versalink MFPs - Firmware Version: 57.69.91 and earlier 🔧fixedVersions: - Latest patched version of the…

    @syedaquib77

    14 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2024-12510 If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP s… https://t.co/pm03YyTdJL

    @CVEnew

    3 Feb 2025

    224 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes