McAfee scan detected vulnerabilities on Xerox WorkCentre 7525 & 7545:
Web Server Supports Outdated SSLv2 Protocol
Web Server Supports Weak SSL Encryption Certificates
Firmware is up to date (061.121.222.06508).
Any ideas to fix this issue?
Thank you for using the Support Forum. Please take a look at the solution for enabling the Secure HTTP and see if this clears the problem. Also make sure you check our security site for any updates that might impact your machine. If this does not help, please consider contacting your support centre for further assistance.
This is the solution from a Xerox product Security Specialist:
Both the vulnerabilities you cite - Web Server Supports Outdated SSLv2 Protocol and Web Server Supports Weak SSL Encryption Certificates - come from the same root cause. The reason you get these two vulnerabilities is that the WC 75xx MFDs are designed to accept and support whichever version of SSL - SSLv2 or SSLv3 - the client/server interfacing with our Xerox device transmits to the device. Since SSLv2 is considered to be a weak security protocol, the fact that our device supports SSLv2 and doesn't automatically force the use of the stronger SSLv3 protocol is the reason you get these two vulnerabilities cited.
In the case of the WC 7525 you can force the device to use only SSLv3 by putting the device into FIPS 140-2 mode. That will force the device to use only SSLv3 because only SSLv3 is FIPS compliant. The steps to place the device into FIPS 140-2 mode can be found on page 76 of the System Administration Manual for the WC 75xx product family which you can find at http://www.support.xerox.com/support/workcentre-7545-7556/documentation/enus.html?associatedProduct=.... Just note that even if you put the device in FIPS 140-2 mode, the fact that the device still potentially can support SSLv2 will likely mean that these two vulnerabilities would still show up in a vulnerability scan, but they both now have been effectively mitigated.
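To re-check the device yourself after enabling FIPS 140-2 mode, you can send a pure SSLv2 CLIENT-HELLO and classify the first reply, which shows whether the web server still completes an SSLv2 hello. This is an added example, not part of the original thread or Xerox documentation; the function names and the sample reply bytes are constructed for illustration.

```python
import os
import socket
import struct
import sys

# SSLv2 cipher kinds (3 bytes each) offered in the probe.
SSL2_CIPHERS = [bytes.fromhex(h) for h in (
    "010080", "020080", "030080", "040080", "050080", "060040", "0700c0")]

# Constructed sample replies (not captured from a real device).
SAMPLE_SSL2_SERVER_HELLO = bytes.fromhex("800b0400010002000000000000")
SAMPLE_SSL3_ALERT = bytes.fromhex("15030000020228")  # fatal handshake_failure

def build_client_hello(challenge=None):
    """Return a pure SSLv2 CLIENT-HELLO record (version 0x0002)."""
    challenge = challenge or os.urandom(16)
    specs = b"".join(SSL2_CIPHERS)
    # msg type 1, version, cipher-spec length, session-id length, challenge length
    body = struct.pack(">BHHHH", 1, 0x0002, len(specs), 0, len(challenge))
    body += specs + challenge
    # Two-byte record header: high bit set, 15-bit body length.
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_reply(data):
    """Classify the first bytes the server sends back to the SSLv2 hello."""
    if not data:
        return "closed"                      # server dropped the connection
    if data[0] == 0x15 and len(data) >= 3 and data[1] == 3:
        return "tls-alert"                   # SSLv3/TLS alert: SSLv2 refused
    if data[0] & 0x80 and len(data) >= 3:
        if data[2] == 4 and len(data) >= 7 and data[5:7] == b"\x00\x02":
            return "sslv2-accepted"          # SSLv2 SERVER-HELLO, version 0x0002
        if data[2] == 0:
            return "sslv2-error"             # SSLv2 ERROR message
    return "unknown"

def probe(host, port=443, timeout=5.0):
    """Send the hello to your own device and classify its answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_client_hello())
            return classify_reply(s.recv(4096))
    except (socket.timeout, ConnectionResetError):
        return "closed"

if __name__ == "__main__":
    # Usage: python sslv2_check.py <device-hostname-or-ip>
    print(probe(sys.argv[1]))
```

A result of `sslv2-accepted` means the server still answered the SSLv2 hello; `closed`, `tls-alert` or `sslv2-error` mean it did not.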