Cyber Posture

CVE-2024-55930

Medium

Published: 23 January 2025

Modified: 30 January 2026
CVSS Score: 6.7 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0012 (30.9th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-55930 is a medium-severity Incorrect Default Permissions (CWE-276) vulnerability in Xerox Workplace Suite. Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique File System Permissions Weakness (T1044). It ranks at the 30.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).

Threat & Defense at a Glance

What attackers do: exploitation maps to File System Permissions Weakness (T1044). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

Directly mandates establishing and implementing secure configuration settings for file system folder permissions to remediate weak defaults allowing unauthorized access, modification, or deletion.

prevent

Enforces approved authorizations for logical access to system resources such as folders and files, preventing exploitation of weak permissions by unauthorized or overly privileged users.

prevent

Restricts privileges to the minimum necessary, limiting the scope of high-privilege (PR:H) users who could exploit weak folder permissions to access or manipulate sensitive files.

MITRE ATT&CK Enterprise Techniques

T1044: File System Permissions Weakness (Persistence)
Processes may automatically execute specific binaries as part of their functionality or to perform other actions.

Why these techniques?

Weak default folder permissions (CWE-276) directly match File System Permissions Weakness, enabling local file access/modification/deletion.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files.

Deeper analysis

CVE-2024-55930 affects Xerox Workplace Suite, where weak default folder permissions (CWE-276) allow unauthorized users to access, modify, or delete files. The vulnerability received a CVSS v3.1 base score of 6.7 (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-23.

Exploitation requires local access (AV:L) with high privileges (PR:H) and low complexity (AC:L), with no user interaction needed (UI:N). A successful attacker can achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) within the unchanged scope (S:U) by leveraging the improper permissions to manipulate sensitive files.

Xerox Security Bulletin XRX25-002 provides details on mitigations for Xerox Workplace Suite and is available at https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-002-for-Xerox%C2%AE-WorkplaceSuite%C2%AE.pdf.

Details

CWE(s)

Affected Products

Vendor: xerox
Product: workplace suite
Version: ≤ 5.6.701.9

CVEs Like This One

CVE-2024-55927: Same product (Xerox Workplace Suite)
CVE-2024-55926: Same product (Xerox Workplace Suite)
CVE-2024-55928: Same product (Xerox Workplace Suite)
CVE-2024-55925: Same product (Xerox Workplace Suite)
CVE-2026-2252: Same vendor (Xerox)
CVE-2025-8356: Same vendor (Xerox)
CVE-2026-2251: Same vendor (Xerox)
CVE-2025-24107: Shared CWE-276
CVE-2024-53841: Shared CWE-276
CVE-2024-43166: Shared CWE-276
