CVE-2024-12511
Published: 03 February 2025
Summary
CVE-2024-12511 is a high-severity Missing Authentication for Critical Function (CWE-306) vulnerability in Xerox (inferred from references). Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).
Deeper analysis
CVE-2024-12511 affects Xerox VersaLink, Phaser, and WorkCentre printers. The vulnerability enables modification of SMB/FTP settings when an attacker has address book access, potentially redirecting scan jobs and capturing credentials. Exploitation requires enabled scan functions and printer access. It carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L) and maps to CWE-306 (Missing Authentication for Critical Function) and CWE-522 (Insufficiently Protected Credentials).
A low-privileged network attacker (PR:L) with address book access can exploit this vulnerability with low complexity and no user interaction. They can alter SMB/FTP configurations to redirect scans to a malicious server, achieving high confidentiality impact by capturing credentials, along with low integrity and availability impacts through setting modifications.
Xerox Security Bulletin XRX25-003, published via https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf, details mitigations and patches for the affected VersaLink, Phaser, and WorkCentre devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-50922
Vulnerability details
With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability in network-accessible printer enables remote exploitation to modify SMB/FTP destinations for credential capture via redirected scans.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly mitigates the vulnerability by identifying, reporting, and applying Xerox patches to fix the missing authentication for SMB/FTP settings modification.
Enforces least privilege to prevent low-privileged users with address book access from modifying critical SMB/FTP scan settings.
Restricts access to authorized personnel for changes to printer configuration settings like SMB/FTP destinations, blocking unauthorized modifications.