Unencrypted Connection Vulnerability in Dell EMC iDRAC9

Unencrypted Connection Vulnerability in Dell EMC iDRAC9

CVE-2018-1249 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.

Learn more about our Web App Pen Testing.