The security vulnerability is disclosed in the Xerox Versalink C7025 Multifunction Printer (MFPS), where attackers capture authentication credentials via passback attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services can.
“This passback-style attack takes advantage of a vulnerability that allows malicious actors to change the configuration of MFPs and allow MFP devices to send authentication credentials to malicious actors.”
“If malicious actors can take advantage of these issues, they will be able to capture Windows Active Directory credentials, which can move horizontally within your organization’s environment, and other important Windows servers and other important Windows servers and It means you can compromise on your file system.”
Identified vulnerabilities affecting firmware versions 57.69.91 and earlier are listed below –
The successful exploitation of CVE-2024-12510 could lead to redirecting credentials to Rogue Server and publishing credentials. However, this requires an attacker to access the LDAP configuration page, and LDAP is used for authentication.
Similarly, CVE-2024-12511 allows malicious actors to access the user address book configuration to change the IP address of the SMB or FTP server, point to the host under control, and to enable SMB or FTP authentication credentials to be used. Capture file scan operation.
“To make this attack successful, the attacker must configure SMB or FTP scan functionality within the user’s address book, and also to physical access to the printer console or to the remote control console via the web interface. “We need access to the site,” Heiland said. . “This may require admin access unless user-level access to the remote control console is enabled.”
Following the responsible disclosure on March 26, 2024, the vulnerability was addressed as part of Service Pack 57.75.53, which was released later last month for Versalink C7020, 7025, and 7030 series printers.
If immediate patching is not an option, it is recommended that users set complex passwords for their administrative accounts, avoid using privileged Windows authentication accounts, and disable the remote control console for uncertified users I will.
This development has impacted Peyton Smith in detail, and has influenced a widely deployed healthcare software named HealthStream MSOW (CVE-2024-56735), leading to a complete database compromise, and threat actors This occurs because it affects the widely deployed healthcare software (CVE-2024-56735), which can allow access to 23 sensitive data. Healthcare organizations from the public internet.
The company said it has identified 50 instances of MSOW instances exposed to the internet, 23 of which are susceptible to security drawbacks.
The vulnerability “can cause the entire database to be returned in band, meaning that an attacker can retrieve plaintext database content in an HTTP response from the created SQL injection HTTP payload,” Smith said. .
Source link
