CVE-2024-12511 - Vulnerability Details - OpenCVE

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf

History

Wed, 17 Sep 2025 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-269

Wed, 17 Sep 2025 11:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-306 CWE-522

Mon, 14 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00175}`	epss `{'score': 0.00166}`

Mon, 03 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 03 Feb 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description		With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.
Title		SMB/FTP Address Book Scan Pass-back attack
Weaknesses		CWE-269
References		https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf
Metrics		cvssV3_1 `{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Xerox

Published: 2025-02-03T19:23:52.125Z

Updated: 2025-09-17T11:09:16.202Z

Reserved: 2024-12-11T13:24:57.952Z

Link: CVE-2024-12511

Vulnrichment

Updated: 2025-02-03T20:18:32.380Z

NVD

Status : Awaiting Analysis

Published: 2025-02-03T20:15:32.797

Modified: 2025-09-17T12:15:36.820

Link: CVE-2024-12511

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-12511", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "state": "PUBLISHED", "assignerShortName": "Xerox", "dateReserved": "2024-12-11T13:24:57.952Z", "datePublished": "2025-02-03T19:23:52.125Z", "dateUpdated": "2025-09-17T11:09:16.202Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B400", "vendor": "Xerox", "versions": [{"lessThan": "37.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B405", "vendor": "Xerox", "versions": [{"lessThan": "38.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C400", "vendor": "Xerox", "versions": [{"lessThan": "67.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C405", "vendor": "Xerox", "versions": [{"lessThan": "68.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B600/B610", "vendor": "Xerox", "versions": [{"lessThan": "32.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B605/B615", "vendor": "Xerox", "versions": [{"lessThan": "33.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C500/C600", "vendor": "Xerox", "versions": [{"lessThan": "61.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C505/C605", "vendor": "Xerox", "versions": [{"lessThan": "62.82.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7000", "vendor": "Xerox", "versions": [{"lessThan": "56.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7020/C7025/C7030", "vendor": "Xerox", "versions": [{"lessThan": "57.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B7025/B7030/B7035", "vendor": "Xerox", "versions": [{"lessThan": "58.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink B7125/B7130/B7135", "vendor": "Xerox", "versions": [{"lessThan": "59.24.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C7120/C7125/C7130", "vendor": "Xerox", "versions": [{"lessThan": "69.24.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C8000/C9000", "vendor": "Xerox", "versions": [{"lessThan": "70.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Versalink C8000W", "vendor": "Xerox", "versions": [{"lessThan": "72.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "Phaser 6510", "vendor": "Xerox", "versions": [{"lessThan": "64.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unknown", "platforms": ["Windows"], "product": "WorkCentre 6515", "vendor": "Xerox", "versions": [{"lessThan": "65.75.53", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-02-03T18:44:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access."}], "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access."}], "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593: Session Hijacking"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2025-09-17T11:09:16.202Z"}, "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "SMB/FTP Address Book Scan Pass-back attack", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-03T20:18:28.894076Z", "id": "CVE-2024-12511", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T20:18:36.134Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-12511", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-03T20:18:28.894076Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-03T20:18:32.380Z"}}], "cna": {"title": "SMB/FTP Address Book Scan Pass-back attack", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-593", "descriptions": [{"lang": "en", "value": "CAPEC-593: Session Hijacking"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xerox", "product": "Versalink B400", "versions": [{"status": "affected", "version": "0", "lessThan": "37.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B405", "versions": [{"status": "affected", "version": "0", "lessThan": "38.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C400", "versions": [{"status": "affected", "version": "0", "lessThan": "67.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C405", "versions": [{"status": "affected", "version": "0", "lessThan": "68.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B600/B610", "versions": [{"status": "affected", "version": "0", "lessThan": "32.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B605/B615", "versions": [{"status": "affected", "version": "0", "lessThan": "33.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C500/C600", "versions": [{"status": "affected", "version": "0", "lessThan": "61.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C505/C605", "versions": [{"status": "affected", "version": "0", "lessThan": "62.82.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C7000", "versions": [{"status": "affected", "version": "0", "lessThan": "56.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C7020/C7025/C7030", "versions": [{"status": "affected", "version": "0", "lessThan": "57.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B7025/B7030/B7035", "versions": [{"status": "affected", "version": "0", "lessThan": "58.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink B7125/B7130/B7135", "versions": [{"status": "affected", "version": "0", "lessThan": "59.24.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C7120/C7125/C7130", "versions": [{"status": "affected", "version": "0", "lessThan": "69.24.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C8000/C9000", "versions": [{"status": "affected", "version": "0", "lessThan": "70.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Versalink C8000W", "versions": [{"status": "affected", "version": "0", "lessThan": "72.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "Phaser 6510", "versions": [{"status": "affected", "version": "0", "lessThan": "64.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}, {"vendor": "Xerox", "product": "WorkCentre 6515", "versions": [{"status": "affected", "version": "0", "lessThan": "65.75.53", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unknown"}], "datePublic": "2025-02-03T18:44:00.000Z", "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox%C2%AE-for-VersaLinkPhaser-and-WorkCentre.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.", "supportingMedia": [{"type": "text/html", "value": "With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2025-09-17T11:09:16.202Z"}}}, "cveMetadata": {"cveId": "CVE-2024-12511", "state": "PUBLISHED", "dateUpdated": "2025-09-17T11:09:16.202Z", "dateReserved": "2024-12-11T13:24:57.952Z", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "datePublished": "2025-02-03T19:23:52.125Z", "assignerShortName": "Xerox"}, "dataVersion": "5.1"}