Cyber Resilience

CVE-2024-12511

High

Published: 03 February 2025

Published
03 February 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.0022 44.7th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12511 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Xerox (inferred from references). Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2024-12511 affects Xerox VersaLink, Phaser, and WorkCentre printers. The vulnerability enables modification of SMB/FTP settings when an attacker has address book access, potentially redirecting scan jobs and capturing credentials. Exploitation requires enabled scan functions and printer access. It carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L) and maps to CWE-306 (Missing Authentication for Critical Function) and CWE-522 (Insufficiently Protected Credentials).

A low-privileged network attacker (PR:L) with address book access can exploit this vulnerability with low complexity and no user interaction. They can alter SMB/FTP configurations to redirect scans to a malicious server, achieving high confidentiality impact by capturing credentials, along with low integrity and availability impacts through setting modifications.

Xerox Security Bulletin XRX25-003, published via https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf, details mitigations and patches for the affected VersaLink, Phaser, and WorkCentre devices.

EU & UK References

Vulnerability details

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1557.001 Name Resolution Poisoning and SMB Relay Credential Access
By responding to LLMNR/NBT-NS/mDNS network traffic, adversaries may spoof an authoritative source for name resolution to force communication with an adversary controlled system.
Why these techniques?

Vulnerability in network-accessible printer enables remote exploitation to modify SMB/FTP destinations for credential capture via redirected scans.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21515Shared CWE-306
CVE-2025-57432Shared CWE-306
CVE-2026-27446Shared CWE-306
CVE-2026-21446Shared CWE-306
CVE-2021-47891Shared CWE-306
CVE-2025-41715Shared CWE-306
CVE-2026-24790Shared CWE-306
CVE-2025-21524Shared CWE-306
CVE-2025-53072Shared CWE-306
CVE-2025-40771Shared CWE-306

Affected Assets

Xerox
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by identifying, reporting, and applying Xerox patches to fix the missing authentication for SMB/FTP settings modification.

prevent

Enforces least privilege to prevent low-privileged users with address book access from modifying critical SMB/FTP scan settings.

prevent

Restricts access to authorized personnel for changes to printer configuration settings like SMB/FTP destinations, blocking unauthorized modifications.

References