Critical Vulnerabilities in Xerox, Lexmark, and FUJIFILM Printers Expose Networks to Attack.


Tonernews.com, February 18, 2025. USA

  • toner
    Keymaster


    Recent reports have identified critical vulnerabilities in printers from Xerox, Lexmark, and FUJIFILM, posing significant security risks to organizations.

    Xerox VersaLink Printer Vulnerabilities
    Researchers at Rapid7 have discovered two vulnerabilities, designated as CVE-2024-12510 and CVE-2024-12511, in Xerox VersaLink multifunction printers. These flaws enable attackers to perform pass-back attacks, capturing authentication credentials from LDAP and SMB/FTP services. By manipulating the printer’s configuration, an attacker can redirect authentication attempts to a malicious server, thereby intercepting sensitive information. Xerox has addressed these issues with security updates, and administrators are urged to apply the patches promptly.

    Lexmark Print Management Client Vulnerability
    A critical vulnerability, identified as CVE-2025-1126, has been found in the Lexmark Print Management Client (LPMC). This flaw allows attackers to execute arbitrary code and delete sensitive files on affected systems by exploiting untrusted inputs in security decisions. The vulnerability affects LPMC versions 3.0.0 through 3.4.0 across Windows, Mac, and Linux platforms. Lexmark has released version 3.5.0 to mitigate this issue, and users are strongly advised to update immediately.

    FUJIFILM Printer Job Language File Processing Vulnerability
    FUJIFILM has reported a vulnerability in the Printer Job Language (PJL) file processing of certain printers, which may cause the devices to freeze when handling invalid PJL files. The issue arises from improper validation of data length, leading to potential buffer overflows (CWE-787, CVE-2024-45320). Affected models include DocuPrint CP225w, CP228w, CM225fw, and CM228fw with specific firmware versions. FUJIFILM recommends updating to the latest firmware to resolve this issue.

    Recommendations
    Organizations utilizing these printers should:

    • Apply Patches: Ensure all devices are updated with the latest firmware and software patches provided by the manufacturers.
    • Review Configurations: Regularly audit printer configurations to prevent unauthorized access and modifications.
    • Network Segmentation: Isolate printers on separate network segments to minimize potential lateral movement by attackers.
    • Monitor Activity: Implement logging and monitoring to detect unusual activities related to printing devices.

    By addressing these vulnerabilities promptly, organizations can enhance their security posture and protect sensitive information from potential threats.

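One way to carry out the "Review Configurations" and "Apply Patches" recommendations above, as an added example that is not part of the original post: the audit flags printers whose LDAP/SMB/FTP authentication destination is outside an approved list (the configuration change a pass-back attack relies on) and hosts running an LPMC version in the affected range. The inventory record format, field names, hostnames, addresses and allowlist are constructed assumptions, not a vendor export schema.

```python
import ipaddress

# Assumption: destinations printers are allowed to authenticate against.
APPROVED_HOSTS = {"ldap.corp.example", "files.corp.example"}
APPROVED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Affected LPMC range as stated in the article (3.0.0 through 3.4.0; fixed in 3.5.0).
LPMC_AFFECTED_MIN, LPMC_AFFECTED_MAX = (3, 0, 0), (3, 4, 0)

# Constructed sample inventory (hypothetical field names).
INVENTORY = [
    {"host": "prn-01", "ldap_server": "ldap.corp.example", "smb_server": "10.20.0.15"},
    {"host": "prn-02", "ldap_server": "203.0.113.50", "smb_server": "files.corp.example"},
    {"host": "ws-114", "lpmc_version": "3.4.0"},
    {"host": "ws-115", "lpmc_version": "3.5.0"},
]

def destination_approved(dest):
    """True if dest is an approved hostname or an IP inside an approved network."""
    dest = dest.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return dest in APPROVED_HOSTS  # not an IP literal: compare as hostname
    return any(ip in net for net in APPROVED_NETS)

def lpmc_affected(version):
    """True if a dotted numeric version lies in the affected LPMC range."""
    parts = tuple(int(p) for p in version.split("."))
    parts = (parts + (0, 0, 0))[:3]  # pad "3.4" to (3, 4, 0)
    return LPMC_AFFECTED_MIN <= parts <= LPMC_AFFECTED_MAX

def audit(records):
    """Return (host, finding) tuples for records that need review."""
    findings = []
    for rec in records:
        for field in ("ldap_server", "smb_server", "ftp_server"):
            dest = rec.get(field, "")
            if dest and not destination_approved(dest):
                findings.append((rec["host"], f"{field} set to unapproved destination {dest}"))
        version = rec.get("lpmc_version")
        if version and lpmc_affected(version):
            findings.append((rec["host"], f"LPMC {version} is affected; update to 3.5.0"))
    return findings

if __name__ == "__main__":
    for host, finding in audit(INVENTORY):
        print(f"{host}: {finding}")
```

Running the same check on a schedule and alerting on any new finding also serves the "Monitor Activity" recommendation, since a changed authentication destination is the observable sign of a tampered configuration.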