CVE-2024-12511

Summary

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

Affected Software

VendorProductVersion RangeStatus
XeroxVersalink B4000 < 37.82.53affected
XeroxVersalink B4050 < 38.82.53affected
XeroxVersalink C4000 < 67.82.53affected
XeroxVersalink C4050 < 68.82.53affected
XeroxVersalink B600/B6100 < 32.82.53affected
XeroxVersalink B605/B6150 < 33.82.53affected
XeroxVersalink C500/C6000 < 61.82.53affected
XeroxVersalink C505/C6050 < 62.82.53affected
XeroxVersalink C70000 < 56.75.53affected
XeroxVersalink C7020/C7025/C70300 < 57.75.53affected
XeroxVersalink B7025/B7030/B70350 < 58.75.53affected
XeroxVersalink B7125/B7130/B71350 < 59.24.53affected
XeroxVersalink C7120/C7125/C71300 < 69.24.53affected
XeroxVersalink C8000/C90000 < 70.75.53affected
XeroxVersalink C8000W0 < 72.75.53affected
XeroxPhaser 65100 < 64.75.53affected
XeroxWorkCentre 65150 < 65.75.53affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function
  • CWE-522: CWE-522 Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References