CVE-2018-1249

Summary

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.

Affected Software

VendorProductVersion RangeStatus
Dell EMCiDRAC9unspecified < 3.21.21.21affected

Weaknesses

  • SSL Strip Vulnerability

ADP Enrichment

CVE Program Container

Additional References

References