"McAfee Vulnerability Manager" shows a new netbios vulnerability on Workcentre 7125
Software Version 71.21.21
Fips140 Mode is activated
NetBIOS Sessions Using Any Username And Password Are Allowed
The host allows remote computers to establish a NetBIOS session using any username and password.
The Network Basic Input/Output System (NetBIOS) is an Application Programming Interface (API) that allows computers to communicate over a network.
The host allows remote computers to establish a NetBIOS session using any username and password. On a Microsoft Windows machine, this indicates that the Guest account has a blank password.
On Windows systems, disable the Guest account or at least set a non-blank password for the account. For Samba on Linux, set the following in the smb.conf file: guest account = NO_SUCH_USER restrict anonymous = yes where NO_SUCH_USER is not a valid user in the password file. For other Unix based operating systems, refer the vendor specific documentation and restrict Samba guest account and anonymous login by making necessary changes in the Samba configuration file.
Is there a solution for this vulnerability?
If you don't mind losing the features that rely on Netbios to work you can simply disable it in CWIS
Just go to Properties>Connectivity>Protocols>Microsoft Networking and disable that, this one will just wipe out the print ability for anyone who installed the print driver via browsing for a network printer instead of installing it manually. This does not apply to those that browsed to an inhouse print server though. It will also disable the ability to get to the devices webui via Hostname instead of its IP address.
I don't believe there are any other places that have Netbios options, although scan to smb/ftp typically requires it for scanning to a hostname as opposed to the IP address, so in the case of DHCP networks this can cause a real headache.
Just remember what you disable as you might start getting calls from users asking why their printer disappeared, their scans stopped working, the bookmark in their browser stopped working so they can't get to the printers webpage, and of course if the user calls Xerox instead of you, or someone who knows these things were disabled, there is the possibility a tech will be paged to fix it by reloading the printer and wiping all data.