Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Idrac9_firmware | Dell | * | 3.21.21.21 (excluding) |