Vulnerabilities in Xerox VersaLink multifunction printers could allow attackers to retrieve authentication credentials via pass-back attacks targeting LDAP and SMB/FTP services, Rapid7 discovered.
Two security defects were identified in the all-in-one enterprise color printers, namely CVE-2024-12510 and CVE-2024-12511, and Xerox released security updates to address both.
https://www.securityweek.com/xerox-vers ... -movement/