This script is Copyright (C) 2015 Tenable Network Security, Inc.
Synopsis :
The remote multi-function device is affected by a man-in-the-middle
Description :
According to its model number and software version, the remote Xerox
WorkCentre 6400 device is affected by a security feature bypass
vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys),
due to the support of weak EXPORT_RSA cipher suites with keys less
than or equal to 512 bits. A man-in-the-middle attacker may be able to
downgrade the SSL/TLS connection to use EXPORT_RSA cipher suites, whose
keys can be factored in a short amount of time, allowing the attacker to
intercept and decrypt the traffic.
See also :
Solution :
Apply the appropriate cumulative update as described in the Xerox
security bulletin in the referenced URL.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true