CVE-2024-12510

Published: Feb 3, 2025

Modified: Feb 27, 2025

PUBLISHED

CVSS v3.1

6.7

MEDIUM

Description

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.

Vendor	Product	Versions
Xerox	Versalink B400	affected `0 - < 37.82.53`
Xerox	Versalink B405	affected `0 - < 38.82.53`
Xerox	Versalink C400	affected `0 - < 67.82.53`
Xerox	Versalink C405	affected `0 - < 68.82.53`
Xerox	Versalink B600/B610	affected `0 - < 32.82.53`
Xerox	Versalink B605/B615	affected `0 - < 33.82.53`
Xerox	Versalink C500/C600	affected `0 - < 61.82.53`
Xerox	Versalink C505/C605	affected `0 - < 62.82.53`
Xerox	Versalink C7000	affected `0 - < 56.75.53`
Xerox	Versalink C7020/C7025/C7030	affected `0 - < 57.75.53`
Xerox	Versalink B7025/B7030/B7035	affected `0 - < 58.75.53`
Xerox	Versalink B7125/B7130/B7135	affected `0 - < 59.24.53`
Xerox	Versalink C7120/C7125/C7130	affected `0 - < 69.24.53`
Xerox	Versalink C8000/C9000	affected `0 - < 70.75.53`
Xerox	Versalink C8000W	affected `0 - < 72.75.53`
Xerox	Phaser 6510	affected `0 - < 64.75.53`
Xerox	WorkCentre 6515	affected `0 - < 65.75.53`

Weaknesses (CWE)

CWE-287

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

References

https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-12510

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References