CVE-2024-12510

Summary

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.

Affected Software

VendorProductVersion RangeStatus
XeroxVersalink B4000 < 37.82.53affected
XeroxVersalink B4050 < 38.82.53affected
XeroxVersalink C4000 < 67.82.53affected
XeroxVersalink C4050 < 68.82.53affected
XeroxVersalink B600/B6100 < 32.82.53affected
XeroxVersalink B605/B6150 < 33.82.53affected
XeroxVersalink C500/C6000 < 61.82.53affected
XeroxVersalink C505/C6050 < 62.82.53affected
XeroxVersalink C70000 < 56.75.53affected
XeroxVersalink C7020/C7025/C70300 < 57.75.53affected
XeroxVersalink B7025/B7030/B70350 < 58.75.53affected
XeroxVersalink B7125/B7130/B71350 < 59.24.53affected
XeroxVersalink C7120/C7125/C71300 < 69.24.53affected
XeroxVersalink C8000/C90000 < 70.75.53affected
XeroxVersalink C8000W0 < 72.75.53affected
XeroxPhaser 65100 < 64.75.53affected
XeroxWorkCentre 65150 < 65.75.53affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References