Xerox Workplace Suite API

Xerox has released a critical security bulletin addressing multiple vulnerabilities in its Xerox Workplace Suite, a widely used print management server solution. 

These vulnerabilities, identified as CVE-2024-55925 through CVE-2024-55931, could allow attackers to bypass API security, manipulate headers, and exploit weak configurations, posing significant risks to organizations relying on the software for secure print and document management.


Xerox Workplace Suite Vulnerability

The vulnerabilities affect Xerox Workplace Suite versions prior to 5.6.701.9. The issues range from API security bypasses to improper handling of sensitive data and flawed token implementations. Below is a breakdown of the critical vulnerabilities:

  • CVE-2024-55925: API security bypass through header manipulation, allowing attackers to circumvent authentication mechanisms.
  • CVE-2024-55926: Enables arbitrary file upload, deletion, and reading on the server via header manipulation (classified under CWE-434). This flaw compromises confidentiality, integrity, and availability.
  • CVE-2024-55927: Involves flawed token generation and hard-coded cryptographic keys, exposing systems to unauthorized access.
  • CVE-2024-55928: Returns sensitive system secrets in plaintext, increasing the risk of data breaches.
  • CVE-2024-55929: Permits email spoofing, which could facilitate phishing attacks.
  • CVE-2024-55930: Relates to weak default folder permissions that could be exploited for privilege escalation.
  • CVE-2024-55931: Stores tokens in session storage instead of secure alternatives, leaving them vulnerable to theft (this issue remains unresolved but is slated for a future fix).

These vulnerabilities collectively undermine the security framework of Xerox Workplace Suite by exposing critical components such as API endpoints and session tokens to exploitation. 

Cyril Servières of Orange Cyberdefense identified the vulnerabilities with support from Sébastien Desbordes of Airbus SE.


Mitigation Measures

Xerox has addressed most of these vulnerabilities in version 5.6.701.9 of the Workplace Suite. Organizations are strongly advised to upgrade immediately to this version to mitigate risks. Additionally:

  • Implement strict access controls and monitor API usage logs for suspicious activity.
  • Use secure storage mechanisms for session tokens and cryptographic keys.
  • Regularly audit server configurations to ensure proper permissions and encryption standards.

For CVE-2024-55931, which remains unresolved, organizations should adopt interim measures such as restricting access to session storage and using secure cookies wherever possible.

Xerox Workplace Suite users must act swiftly to apply the necessary patches and strengthen their overall security posture against potential exploitation.

Kaaviya
Kaaviya is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.