CVSS: 8.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-12511 – SMB/FTP Address Book Scan Pass-back attack
https://notcve.org/view.php?id=CVE-2024-12511
03 Feb 2025 — With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf • CWE-269: Improper Privilege Management •
CVSS: 8.0EPSS: 0%CPEs: 17EXPL: 0CVE-2024-12510 – LDAP Authentication Sever Pass-back attack
https://notcve.org/view.php?id=CVE-2024-12510
03 Feb 2025 — If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup. • https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 223EXPL: 0CVE-2023-46327
https://notcve.org/view.php?id=CVE-2023-46327
02 Nov 2023 — Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provi... • https://jvn.jp/en/vu/JVNVU96482726/index.html • CWE-287: Improper Authentication •