cku New Member

Xerox WorkCentre 7125 NetBIOS vulnerability

Hello,

"McAfee Vulnerability Manager" shows a new NetBIOS vulnerability on WorkCentre 7125

Software Version 71.21.21

FIPS 140 mode is activated

NetBIOS Sessions Using Any Username And Password Are Allowed

Description

The host allows remote computers to establish a NetBIOS session using any username and password.

Observation

The Network Basic Input/Output System (NetBIOS) is an Application Programming Interface (API) that allows computers to communicate over a network.

The host allows remote computers to establish a NetBIOS session using any username and password. On a Microsoft Windows machine, this indicates that the Guest account has a blank password.

Recommendation

On Windows systems, disable the Guest account or at least set a non-blank password for the account. For Samba on Linux, set the following in the smb.conf file:

guest account = NO_SUCH_USER
restrict anonymous = yes

where NO_SUCH_USER is not a valid user in the password file. For other Unix-based operating systems, refer to the vendor-specific documentation and restrict the Samba guest account and anonymous login by making the necessary changes in the Samba configuration file.

Is there a solution for this vulnerability?

thanks,

christoph

1 Reply
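
For Samba servers that draw the same finding, the smb.conf recommendation quoted in the post above can be checked with a short script. This is an added example, not part of the original thread or of any Xerox or McAfee tooling; the function names, the sample files and the accepted `restrict anonymous` values (the scanner's "yes" plus the numeric levels 1 and 2) are assumptions, and it targets Samba hosts, not the WorkCentre's own settings.

```python
# Added example: audit the [global] section of an smb.conf against the
# scanner's recommendation. Sample files below are constructed.

# Assumption: "yes" is the value quoted in the finding; 1 and 2 are the
# numeric levels of "restrict anonymous" in smb.conf(5).
RESTRICTED = {"yes", "1", "2"}

def parse_global(conf_text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def audit(conf_text, passwd_text):
    """Return findings; an empty list means both settings are in place."""
    params = parse_global(conf_text)
    users = {l.split(":", 1)[0] for l in passwd_text.splitlines() if l.strip()}
    findings = []
    guest = params.get("guestaccount")
    if guest is None:
        findings.append("guest account not set: Samba's default guest user applies")
    elif guest in users:
        findings.append(f"guest account = {guest} is a valid user in the password file")
    anon = params.get("restrictanonymous", "").lower()
    if anon not in RESTRICTED:
        findings.append(f"restrict anonymous is {anon or 'unset'}: anonymous access not restricted")
    return findings

# Constructed sample inputs (not taken from any real host).
PASSWD = "root:x:0:0::/root:/bin/sh\nnobody:x:65534:65534::/nonexistent:/bin/false\n"
WEAK_CONF = "[global]\n   workgroup = WORKGROUP\n   Guest Account = nobody\n[scans]\n   path = /srv/scans\n"
HARDENED_CONF = "[Global]\n   guest account = NO_SUCH_USER\n   restrict anonymous = yes\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf, PASSWD) or "no findings")
```
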
Analyst Nation Moderator Joe053204-hcl

Re: Xerox WorkCentre 7125 NetBIOS vulnerability

If you don't mind losing the features that rely on NetBIOS to work, you can simply disable it in CWIS.

Just go to Properties>Connectivity>Protocols>Microsoft Networking and disable that. This one will just wipe out the print ability for anyone who installed the print driver via browsing for a network printer instead of installing it manually. This does not apply to those that browsed to an in-house print server, though. It will also disable the ability to get to the device's web UI via hostname instead of its IP address.

I don't believe there are any other places that have NetBIOS options, although scan to SMB/FTP typically requires it for scanning to a hostname as opposed to the IP address, so in the case of DHCP networks this can cause a real headache.

Just remember what you disable, as you might start getting calls from users asking why their printer disappeared, their scans stopped working, the bookmark in their browser stopped working so they can't get to the printer's webpage, and of course if the user calls Xerox instead of you, or someone who knows these things were disabled, there is the possibility a tech will be paged to fix it by reloading the printer and wiping all data.

Joe