Dell EMC iDRAC9 versions before 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dell idrac9 firmware |