New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Feb 18, 2025 | Ravie Lakshmanan | Vulnerability / Enterprise Security

Security flaws have been disclosed in Xerox VersaLink C7025 Multifunction Printers (MFPs) that could allow attackers to capture authentication credentials through pass-back attacks via the Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.

"This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP's configuration and cause the MFP device to send authentication credentials back to the malicious actor," Rapid7 security researcher Deral Heiland said.

"If a malicious actor can successfully exploit these issues, it would allow them to capture credentials for Windows Active Directory. This means they could then move laterally within an organization's environment and compromise other critical Windows servers and file systems."

The identified vulnerabilities, which affect firmware versions 57.69.91 and earlier, are described below:

Successful exploitation of CVE-2024-12510 could allow authentication information to be redirected to a rogue server, potentially exposing credentials. This, however, requires that the attacker has access to the LDAP configuration page and that LDAP is used for authentication.

CVE-2024-12511, in a similar manner, allows a malicious actor to modify the SMB or FTP server's IP address in the user address book and point it to a host under their control, resulting in the capture of SMB or FTP authentication credentials during file scan operations.

"For this attack to be successful, the attacker needs an SMB or FTP scan function configured within the user's address book, as well as physical access to the printer console or access to the remote-control console via the web interface," Heiland said. "This does require admin access unless user-level access to the remote-control console is enabled."

Following responsible disclosure on March 26, 2024, the vulnerabilities were addressed in a release late last month for VersaLink C7020, 7025, and 7030 series printers.

Where prompt patching is not an option, users are advised to set a complex password for the admin account, avoid using Windows authentication accounts that have elevated privileges, and disable the remote-control console for unauthenticated users.
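Both pass-back flaws described above (CVE-2024-12510 via LDAP, CVE-2024-12511 via the address book) end the same way: the MFP opens an LDAP, SMB or FTP connection to a host the attacker controls. A network-side allowlist check is one way a defender can catch that, independent of the printer's own logs. The script below is an added example, not code from the article, Rapid7 or Xerox; the log format, printer addresses and allowlisted servers are constructed assumptions.

```python
import re
from collections import namedtuple

# Ports for the services the advisory names: LDAP/LDAPS for authentication,
# SMB and FTP for scan-to-file destinations configured in the address book.
WATCHED_PORTS = {389: "LDAP", 636: "LDAPS", 445: "SMB", 21: "FTP"}

Finding = namedtuple("Finding", "printer dst service")

# Constructed sample of outbound connection records: "timestamp src -> dst:port".
SAMPLE_LOG = """\
2025-02-18T10:01:02Z 10.10.5.20 -> 10.10.1.10:389
2025-02-18T10:01:05Z 10.10.5.20 -> 10.10.1.20:445
2025-02-18T10:02:11Z 10.10.5.20 -> 203.0.113.7:389
2025-02-18T10:02:40Z 10.10.5.21 -> 198.51.100.9:445
2025-02-18T10:03:00Z 10.10.7.3 -> 203.0.113.7:389
2025-02-18T10:03:30Z 10.10.5.21 -> 10.10.1.20:80
"""

LINE_RE = re.compile(r"^\S+\s+(\S+)\s+->\s+(\S+):(\d+)$")


def find_passback(log, printers, allowed):
    """Return printer connections on LDAP/SMB/FTP ports to hosts not on the allowlist.

    printers: set of MFP source IPs (assumed inventory).
    allowed:  dict mapping service name -> set of hosts the MFPs should use.
    """
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed records rather than failing the sweep
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        service = WATCHED_PORTS.get(port)
        if src not in printers or service is None:
            continue  # not a printer, or not a credential-bearing service
        if dst not in allowed.get(service, set()):
            findings.append(Finding(src, dst, service))
    return findings


# Constructed inventory: two MFPs, one domain controller, one file server, no FTP.
PRINTERS = {"10.10.5.20", "10.10.5.21"}
ALLOWED = {"LDAP": {"10.10.1.10"}, "LDAPS": {"10.10.1.10"},
           "SMB": {"10.10.1.20"}, "FTP": set()}

if __name__ == "__main__":
    for f in find_passback(SAMPLE_LOG, PRINTERS, ALLOWED):
        print(f"ALERT {f.printer} -> {f.dst} ({f.service}): possible credential pass-back")
```

On the sample data the sweep flags the LDAP connection from 10.10.5.20 to 203.0.113.7 and the SMB connection from 10.10.5.21 to 198.51.100.9, while the non-printer host and the port-80 request are ignored.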

The disclosure comes as Specular founder and CEO Peyton Smith revealed an unauthenticated SQL injection vulnerability (CVE-2024-56735) in a widely used healthcare software product that could allow threat actors to access sensitive data belonging to 23 healthcare organizations from the public internet.

The company said it identified 50 internet-exposed MSOW instances, of which 23 are susceptible to the flaw.

The vulnerability could enable "an attacker to retrieve the plaintext database contents in an HTTP response from a crafted SQL injection HTTP payload," Smith said. "The full database can be returned in-band."
