CVE-2024-12511

Published: Feb 3, 2025

Modified: Sep 17, 2025

PUBLISHED

CVSS v3.1

7.6

HIGH

Description

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

Vendor	Product	Versions
Xerox	Versalink B400	affected `0 - < 37.82.53`
Xerox	Versalink B405	affected `0 - < 38.82.53`
Xerox	Versalink C400	affected `0 - < 67.82.53`
Xerox	Versalink C405	affected `0 - < 68.82.53`
Xerox	Versalink B600/B610	affected `0 - < 32.82.53`
Xerox	Versalink B605/B615	affected `0 - < 33.82.53`
Xerox	Versalink C500/C600	affected `0 - < 61.82.53`
Xerox	Versalink C505/C605	affected `0 - < 62.82.53`
Xerox	Versalink C7000	affected `0 - < 56.75.53`
Xerox	Versalink C7020/C7025/C7030	affected `0 - < 57.75.53`
Xerox	Versalink B7025/B7030/B7035	affected `0 - < 58.75.53`
Xerox	Versalink B7125/B7130/B7135	affected `0 - < 59.24.53`
Xerox	Versalink C7120/C7125/C7130	affected `0 - < 69.24.53`
Xerox	Versalink C8000/C9000	affected `0 - < 70.75.53`
Xerox	Versalink C8000W	affected `0 - < 72.75.53`
Xerox	Phaser 6510	affected `0 - < 64.75.53`
Xerox	WorkCentre 6515	affected `0 - < 65.75.53`

Weaknesses (CWE)

CWE-306

CWE-522

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-12511

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References