CVSS: 8.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-12511 – SMB/FTP Address Book Scan Pass-back attack
https://notcve.org/view.php?id=CVE-2024-12511
03 Feb 2025 — With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf • CWE-269: Improper Privilege Management •
CVSS: 8.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-12510 – LDAP Authentication Sever Pass-back attack
https://notcve.org/view.php?id=CVE-2024-12510
03 Feb 2025 — If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf • CWE-287: Improper Authentication •