CVE-2024-12511 - Vulnerability Details - OpenCVE

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf

History

Mon, 03 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 03 Feb 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description		With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.
Title		SMB/FTP Address Book Scan Pass-back attack
Weaknesses		CWE-269
References		https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Xerox

Published: 2025-02-03T19:23:52.125Z

Updated: 2025-02-03T20:18:36.134Z

Reserved: 2024-12-11T13:24:57.952Z

Link: CVE-2024-12511

Vulnrichment

Updated: 2025-02-03T20:18:32.380Z

NVD

Status : Received

Published: 2025-02-03T20:15:32.797

Modified: 2025-02-03T20:15:32.797

Link: CVE-2024-12511

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12511", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "state": "PUBLISHED", "assignerShortName": "Xerox", "dateReserved": "2024-12-11T13:24:57.952Z", "datePublished": "2025-02-03T19:23:52.125Z", "dateUpdated": "2025-02-03T20:18:36.134Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B400", "vendor": "Xerox", "versions": [{"lessThan": "37.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B405", "vendor": "Xerox", "versions": [{"lessThan": "38.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C400", "vendor": "Xerox", "versions": [{"lessThan": "67.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C405", "vendor": "Xerox", "versions": [{"lessThan": "68.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B600/B610", "vendor": "Xerox", "versions": [{"lessThan": "32.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B605/B615", "vendor": "Xerox", "versions": [{"lessThan": "33.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C500/C600", "vendor": "Xerox", "versions": [{"lessThan": "61.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C505/C605", "vendor": "Xerox", "versions": [{"lessThan": "62.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7000", "vendor": "Xerox", "versions": [{"lessThan": "56.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7020/C7025/C7030", "vendor": "Xerox", "versions": [{"lessThan": "57.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B7025/B7030/B7035", "vendor": "Xerox", "versions": [{"lessThan": "58.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B7125/B7130/B7135", "vendor": "Xerox", "versions": [{"lessThan": "59.24.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7120/C7125/C7130", "vendor": "Xerox", "versions": [{"lessThan": "69.24.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C8000/C9000", "vendor": "Xerox", "versions": [{"lessThan": "70.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C8000W", "vendor": "Xerox", "versions": [{"lessThan": "72.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Phaser 6510", "vendor": "Xerox", "versions": [{"lessThan": "64.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "WorkCentre 6515", "vendor": "Xerox", "versions": [{"lessThan": "65.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-02-03T18:44:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access."}], "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access."}], "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593: Session Hijacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2025-02-03T19:23:52.125Z"}, "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "SMB/FTP Address Book Scan Pass-back attack", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-03T20:18:28.894076Z", "id": "CVE-2024-12511", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T20:18:36.134Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12511", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-03T20:18:28.894076Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T20:18:32.380Z"}}], "cna": {"title": "SMB/FTP Address Book Scan Pass-back attack", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593: Session Hijacking"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xerox", "product": "Versalink B400", "versions": [{"status": "affected", "version": "0", "lessThan": "37.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B405", "versions": [{"status": "affected", "version": "0", "lessThan": "38.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C400", "versions": [{"status": "affected", "version": "0", "lessThan": "67.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C405", "versions": [{"status": "affected", "version": "0", "lessThan": "68.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B600/B610", "versions": [{"status": "affected", "version": "0", "lessThan": "32.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B605/B615", "versions": [{"status": "affected", "version": "0", "lessThan": "33.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C500/C600", "versions": [{"status": "affected", "version": "0", "lessThan": "61.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C505/C605", "versions": [{"status": "affected", "version": "0", "lessThan": "62.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C7000", "versions": [{"status": "affected", "version": "0", "lessThan": "56.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C7020/C7025/C7030", "versions": [{"status": "affected", "version": "0", "lessThan": "57.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B7025/B7030/B7035", "versions": [{"status": "affected", "version": "0", "lessThan": "58.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B7125/B7130/B7135", "versions": [{"status": "affected", "version": "0", "lessThan": "59.24.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C7120/C7125/C7130", "versions": [{"status": "affected", "version": "0", "lessThan": "69.24.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C8000/C9000", "versions": [{"status": "affected", "version": "0", "lessThan": "70.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C8000W", "versions": [{"status": "affected", "version": "0", "lessThan": "72.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Phaser 6510", "versions": [{"status": "affected", "version": "0", "lessThan": "64.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "WorkCentre 6515", "versions": [{"status": "affected", "version": "0", "lessThan": "65.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}], "datePublic": "2025-02-03T18:44:00.000Z", "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.", "supportingMedia": [{"type": "text/html", "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2025-02-03T19:23:52.125Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12511", "state": "PUBLISHED", "dateUpdated": "2025-02-03T20:18:36.134Z", "dateReserved": "2024-12-11T13:24:57.952Z", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "datePublished": "2025-02-03T19:23:52.125Z", "assignerShortName": "Xerox"}, "dataVersion": "5.1"}