CVE-2024-12511

SMB/FTP Address Book Scan Pass-back attack

Severity Score

7.6

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-12-11 CVE Reserved
2025-02-03 CVE Published
2025-02-03 CVE Updated
2025-04-15 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management

CAPEC

CAPEC-593: Session Hijacking

References (1)

URL	Tag	Source
https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xerox Search vendor "Xerox"		Versalink B400 Search vendor "Xerox" for product "Versalink B400"				< 37.82.53 Search vendor "Xerox" for product "Versalink B400" and version " < 37.82.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink B405 Search vendor "Xerox" for product "Versalink B405"				< 38.82.53 Search vendor "Xerox" for product "Versalink B405" and version " < 38.82.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C400 Search vendor "Xerox" for product "Versalink C400"				< 67.82.53 Search vendor "Xerox" for product "Versalink C400" and version " < 67.82.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C405 Search vendor "Xerox" for product "Versalink C405"				< 68.82.53 Search vendor "Xerox" for product "Versalink C405" and version " < 68.82.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink B600/B610 Search vendor "Xerox" for product "Versalink B600/B610"				< 32.82.53 Search vendor "Xerox" for product "Versalink B600/B610" and version " < 32.82.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink B605/B615 Search vendor "Xerox" for product "Versalink B605/B615"				< 33.82.53 Search vendor "Xerox" for product "Versalink B605/B615" and version " < 33.82.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C500/C600 Search vendor "Xerox" for product "Versalink C500/C600"				< 61.82.53 Search vendor "Xerox" for product "Versalink C500/C600" and version " < 61.82.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C505/C605 Search vendor "Xerox" for product "Versalink C505/C605"				< 62.82.53 Search vendor "Xerox" for product "Versalink C505/C605" and version " < 62.82.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C7000 Search vendor "Xerox" for product "Versalink C7000"				< 56.75.53 Search vendor "Xerox" for product "Versalink C7000" and version " < 56.75.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C7020/C7025/C7030 Search vendor "Xerox" for product "Versalink C7020/C7025/C7030"				< 57.75.53 Search vendor "Xerox" for product "Versalink C7020/C7025/C7030" and version " < 57.75.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink B7025/B7030/B7035 Search vendor "Xerox" for product "Versalink B7025/B7030/B7035"				< 58.75.53 Search vendor "Xerox" for product "Versalink B7025/B7030/B7035" and version " < 58.75.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink B7125/B7130/B7135 Search vendor "Xerox" for product "Versalink B7125/B7130/B7135"				< 59.24.53 Search vendor "Xerox" for product "Versalink B7125/B7130/B7135" and version " < 59.24.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C7120/C7125/C7130 Search vendor "Xerox" for product "Versalink C7120/C7125/C7130"				< 69.24.53 Search vendor "Xerox" for product "Versalink C7120/C7125/C7130" and version " < 69.24.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C8000/C9000 Search vendor "Xerox" for product "Versalink C8000/C9000"				< 70.75.53 Search vendor "Xerox" for product "Versalink C8000/C9000" and version " < 70.75.53"		en		Affected
Xerox Search vendor "Xerox"		Versalink C8000W Search vendor "Xerox" for product "Versalink C8000W"				< 72.75.53 Search vendor "Xerox" for product "Versalink C8000W" and version " < 72.75.53"		en		Affected
Xerox Search vendor "Xerox"		Phaser 6510 Search vendor "Xerox" for product "Phaser 6510"				< 64.75.53 Search vendor "Xerox" for product "Phaser 6510" and version " < 64.75.53"		en		Affected
Xerox Search vendor "Xerox"		WorkCentre 6515 Search vendor "Xerox" for product "WorkCentre 6515"				< 65.75.53 Search vendor "Xerox" for product "WorkCentre 6515" and version " < 65.75.53"		en		Affected