CVE-2024-12510 - Vulnerability Details - OpenCVE

If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf

History

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00257}`	epss `{'score': 0.00236}`

Tue, 04 Mar 2025 03:45:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 03 Feb 2025 20:45:00 +0000

Type	Values Removed	Values Added
References	https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AEfor-VersaLinkPhaser-and-WorkCentre.pdf

Mon, 03 Feb 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf

Mon, 03 Feb 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description		If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.
Title		LDAP Authentication Sever Pass-back attack
Weaknesses		CWE-287
References		https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AEfor-VersaLinkPhaser-and-WorkCentre.pdf
Metrics		cvssV3_1 `{'score': 6.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Xerox

Published: 2025-02-03T18:52:16.942Z

Updated: 2025-02-27T14:56:42.166Z

Reserved: 2024-12-11T13:24:56.453Z

Link: CVE-2024-12510

Vulnrichment

Updated: 2025-02-21T16:43:10.331Z

NVD

Status : Received

Published: 2025-02-03T19:15:11.827

Modified: 2025-02-03T20:15:32.690

Link: CVE-2024-12510

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12510", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "state": "PUBLISHED", "assignerShortName": "Xerox", "dateReserved": "2024-12-11T13:24:56.453Z", "datePublished": "2025-02-03T18:52:16.942Z", "dateUpdated": "2025-02-27T14:56:42.166Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B400", "vendor": "Xerox", "versions": [{"lessThan": "37.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B405", "vendor": "Xerox", "versions": [{"lessThan": "38.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C400", "vendor": "Xerox", "versions": [{"lessThan": "67.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C405", "vendor": "Xerox", "versions": [{"lessThan": "68.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B600/B610", "vendor": "Xerox", "versions": [{"lessThan": "32.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B605/B615", "vendor": "Xerox", "versions": [{"lessThan": "33.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C500/C600", "vendor": "Xerox", "versions": [{"lessThan": "61.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C505/C605", "vendor": "Xerox", "versions": [{"lessThan": "62.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7000", "vendor": "Xerox", "versions": [{"lessThan": "56.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7020/C7025/C7030", "vendor": "Xerox", "versions": [{"lessThan": "57.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B7025/B7030/B7035", "vendor": "Xerox", "versions": [{"lessThan": "58.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B7125/B7130/B7135", "vendor": "Xerox", "versions": [{"lessThan": "59.24.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7120/C7125/C7130", "vendor": "Xerox", "versions": [{"lessThan": "69.24.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C8000/C9000", "vendor": "Xerox", "versions": [{"lessThan": "70.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C8000W", "vendor": "Xerox", "versions": [{"lessThan": "72.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Phaser 6510", "vendor": "Xerox", "versions": [{"lessThan": "64.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "WorkCentre 6515", "vendor": "Xerox", "versions": [{"lessThan": "65.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-02-03T18:44:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup."}], "value": "If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup."}], "impacts": [{"capecId": "CAPEC-136", "descriptions": [{"lang": "en", "value": "CAPEC-136: LDAP Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2025-02-03T19:20:36.405Z"}, "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "LDAP Authentication Sever Pass-back attack", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-12T19:37:44.752191Z", "id": "CVE-2024-12510", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T14:56:42.166Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12510", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "state": "PUBLISHED", "assignerShortName": "Xerox", "dateReserved": "2024-12-11T13:24:56.453Z", "datePublished": "2025-02-03T18:52:16.942Z", "dateUpdated": "2025-02-27T14:56:42.166Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B400", "vendor": "Xerox", "versions": [{"lessThan": "37.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B405", "vendor": "Xerox", "versions": [{"lessThan": "38.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C400", "vendor": "Xerox", "versions": [{"lessThan": "67.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C405", "vendor": "Xerox", "versions": [{"lessThan": "68.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B600/B610", "vendor": "Xerox", "versions": [{"lessThan": "32.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B605/B615", "vendor": "Xerox", "versions": [{"lessThan": "33.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C500/C600", "vendor": "Xerox", "versions": [{"lessThan": "61.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C505/C605", "vendor": "Xerox", "versions": [{"lessThan": "62.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7000", "vendor": "Xerox", "versions": [{"lessThan": "56.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7020/C7025/C7030", "vendor": "Xerox", "versions": [{"lessThan": "57.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B7025/B7030/B7035", "vendor": "Xerox", "versions": [{"lessThan": "58.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B7125/B7130/B7135", "vendor": "Xerox", "versions": [{"lessThan": "59.24.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7120/C7125/C7130", "vendor": "Xerox", "versions": [{"lessThan": "69.24.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C8000/C9000", "vendor": "Xerox", "versions": [{"lessThan": "70.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C8000W", "vendor": "Xerox", "versions": [{"lessThan": "72.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Phaser 6510", "vendor": "Xerox", "versions": [{"lessThan": "64.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "WorkCentre 6515", "vendor": "Xerox", "versions": [{"lessThan": "65.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-02-03T18:44:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup."}], "value": "If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup."}], "impacts": [{"capecId": "CAPEC-136", "descriptions": [{"lang": "en", "value": "CAPEC-136: LDAP Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2025-02-03T19:20:36.405Z"}, "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "LDAP Authentication Sever Pass-back attack", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12510", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-12T19:37:44.752191Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-21T16:43:10.331Z"}}]}}