Xerox Printer Vulnerabilities Expose Credentials: Urgent Firmware Update Needed
February 18, 2025
Rapid7 reported the vulnerabilities to Xerox in March 2024; Xerox released service pack updates in January 2025 for the affected VersaLink C7020, C7025 and C7030 printers.
Despite the implementation of increased print security measures, confidence in their effectiveness remains low, with only 19% of IT decision-makers feeling completely secure in their print infrastructure in 2023.
Xerox addressed both vulnerabilities in Service Pack 57.75.53, released in January 2025 (March 2024 is when Rapid7 reported them to Xerox, not when the fix shipped).
Organizations running affected printers are urged to upgrade to the latest firmware immediately. Until the update is applied, set a complex administrator password, do not use high-privilege Windows accounts as the LDAP or SMB service credentials, and disable remote access for unauthenticated users. Both attacks depend on being able to change the printer's configuration, so a weak or default admin password is the usual entry point.
The two issues, CVE-2024-12510 and CVE-2024-12511, affect devices running firmware version 57.69.91 and earlier.
CVE-2024-12510 (CVSS 6.7) is a pass-back against LDAP: an attacker who can edit the LDAP settings points the printer at a host they control, and the printer then binds to that host with its stored LDAP credentials, which arrive in cleartext if the connection is not protected by TLS. CVE-2024-12511 (CVSS 7.6) is the SMB/FTP equivalent: modifying the user address book redirects scan-to-SMB or scan-to-FTP jobs to an attacker-controlled host, which captures the NetNTLMv2 challenge/response (SMB) or the cleartext credentials (FTP); a captured NetNTLMv2 response can then be cracked offline.
The vulnerabilities highlight the risks associated with connected printers in enterprises, as multifunction printers (MFPs) are attractive targets for cybercriminals due to their network connections and data storage capabilities.
Weaknesses such as default passwords, unsecured connections, and outdated firmware contribute to the vulnerability of MFPs, underscoring the need for continuous updates and security measures.
Other manufacturers, including HP, have also reported security vulnerabilities in their printers, emphasizing the importance of vigilance across all devices.
Print-related data loss remains common: 61% of companies reported losses tied to unsecured printing in 2023, down slightly from 67% in 2022.
Recent vulnerabilities in Xerox VersaLink multifunction printers, identified by Rapid7, could allow attackers to retrieve authentication credentials through pass-back attacks targeting LDAP and SMB/FTP services.
Summary based on 7 sources
Sources

TechRadar pro • Feb 18, 2025
Xerox printer security risk could let hackers sneak into your systems
The Hacker News • Feb 18, 2025
New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials
SecurityWeek • Feb 17, 2025
Xerox Versalink Printer Vulnerabilities Enable Lateral Movement
Security Boulevard • Feb 19, 2025
Flaws in Xerox VersaLink MFPs Spotlight Printer Security Concerns