CVE-2024-12510 (GCVE-0-2024-12510)
Vulnerability from cvelistv5 – Published: 2025-02-03 18:52 – Updated: 2025-02-27 14:56
Title
LDAP Authentication Sever Pass-back attack
Summary
If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.
Severity
6.7 (Medium)
CWE
- CWE-287 - Improper Authentication
Assigner
Xerox
References
1 reference
Impacted products
17 products
| Vendor | Product | Version |
|---|---|---|
| Xerox | Versalink B400 | Affected: 0, < 37.82.53 (custom) |
| Xerox | Versalink B405 | Affected: 0, < 38.82.53 (custom) |
| Xerox | Versalink C400 | Affected: 0, < 67.82.53 (custom) |
| Xerox | Versalink C405 | Affected: 0, < 68.82.53 (custom) |
| Xerox | Versalink B600/B610 | Affected: 0, < 32.82.53 (custom) |
| Xerox | Versalink B605/B615 | Affected: 0, < 33.82.53 (custom) |
| Xerox | Versalink C500/C600 | Affected: 0, < 61.82.53 (custom) |
| Xerox | Versalink C505/C605 | Affected: 0, < 62.82.53 (custom) |
| Xerox | Versalink C7000 | Affected: 0, < 56.75.53 (custom) |
| Xerox | Versalink C7020/C7025/C7030 | Affected: 0, < 57.75.53 (custom) |
| Xerox | Versalink B7025/B7030/B7035 | Affected: 0, < 58.75.53 (custom) |
| Xerox | Versalink B7125/B7130/B7135 | Affected: 0, < 59.24.53 (custom) |
| Xerox | Versalink C7120/C7125/C7130 | Affected: 0, < 69.24.53 (custom) |
| Xerox | Versalink C8000/C9000 | Affected: 0, < 70.75.53 (custom) |
| Xerox | Versalink C8000W | Affected: 0, < 72.75.53 (custom) |
| Xerox | Phaser 6510 | Affected: 0, < 64.75.53 (custom) |
| Xerox | WorkCentre 6515 | Affected: 0, < 65.75.53 (custom) |
Date Public
2025-02-03 18:44
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12510",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-12T19:37:44.752191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T14:56:42.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B400",
"vendor": "Xerox",
"versions": [
{
"lessThan": "37.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B405",
"vendor": "Xerox",
"versions": [
{
"lessThan": "38.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C400",
"vendor": "Xerox",
"versions": [
{
"lessThan": "67.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C405",
"vendor": "Xerox",
"versions": [
{
"lessThan": "68.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B600/B610",
"vendor": "Xerox",
"versions": [
{
"lessThan": "32.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B605/B615",
"vendor": "Xerox",
"versions": [
{
"lessThan": "33.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C500/C600",
"vendor": "Xerox",
"versions": [
{
"lessThan": "61.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C505/C605",
"vendor": "Xerox",
"versions": [
{
"lessThan": "62.82.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C7000",
"vendor": "Xerox",
"versions": [
{
"lessThan": "56.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C7020/C7025/C7030",
"vendor": "Xerox",
"versions": [
{
"lessThan": "57.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B7025/B7030/B7035",
"vendor": "Xerox",
"versions": [
{
"lessThan": "58.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink B7125/B7130/B7135",
"vendor": "Xerox",
"versions": [
{
"lessThan": "59.24.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C7120/C7125/C7130",
"vendor": "Xerox",
"versions": [
{
"lessThan": "69.24.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C8000/C9000",
"vendor": "Xerox",
"versions": [
{
"lessThan": "70.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Versalink C8000W",
"vendor": "Xerox",
"versions": [
{
"lessThan": "72.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "Phaser 6510",
"vendor": "Xerox",
"versions": [
{
"lessThan": "64.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"platforms": [
"Windows"
],
"product": "WorkCentre 6515",
"vendor": "Xerox",
"versions": [
{
"lessThan": "65.75.53",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-02-03T18:44:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup."
}
],
"value": "If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup."
}
],
"impacts": [
{
"capecId": "CAPEC-136",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-136: LDAP Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T19:20:36.405Z",
"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"shortName": "Xerox"
},
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "LDAP Authentication Sever Pass-back attack",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"assignerShortName": "Xerox",
"cveId": "CVE-2024-12510",
"datePublished": "2025-02-03T18:52:16.942Z",
"dateReserved": "2024-12-11T13:24:56.453Z",
"dateUpdated": "2025-02-27T14:56:42.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-12510",
"date": "2026-05-29",
"epss": "0.00102",
"percentile": "0.27669"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12510\",\"sourceIdentifier\":\"10b61619-3869-496c-8a1e-f291b0e71e3f\",\"published\":\"2025-02-03T19:15:11.827\",\"lastModified\":\"2025-02-03T20:15:32.690\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup.\"},{\"lang\":\"es\",\"value\":\"Si se accede a la configuraci\u00f3n de LDAP, la autenticaci\u00f3n podr\u00eda redirigirse a otro servidor, lo que podr\u00eda exponer las credenciales. Esto requiere acceso de administrador y una configuraci\u00f3n de LDAP activa.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"10b61619-3869-496c-8a1e-f291b0e71e3f\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"10b61619-3869-496c-8a1e-f291b0e71e3f\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf\",\"source\":\"10b61619-3869-496c-8a1e-f291b0e71e3f\"}]}}",
"vulnrichment": {
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}