Unsolved
1 Rookie
•
40 Posts
0
914
November 4th, 2021 07:00
TLS Robot Vulnerability was detected by InfoSec
One our customer detected TLS Robot Vulnerability. I am just wondering what firmware they install. Do you know when it was fixed or how to fix it ? PowerEdge R320
Unfortunately not sure what firmware they have now but I assume older.
No Events found!
DELL-Chris H
7 Practitioner
•
9.7K Posts
•
48K Points
0
November 4th, 2021 13:00
Nintrix,
Starting with 2.60.60.60 you can specify ciphers in the iDRAC so you can remove any from port 443 that are flagged, but with port 5900 you cannot. The reason being is that 5900 is bound to TLS 1.1, but to resolve you just have to turn off virtual console/media in that scenario.
Let me know if this helps.
nintrix
1 Rookie
•
40 Posts
0
November 5th, 2021 07:00
Hi Chris,
Do you have more information regarding port 5900 and TLS or link where I can find more information about it ?
Cheers,
Nina
DELL-Chris H
7 Practitioner
•
9.7K Posts
•
48K Points
0
November 5th, 2021 09:00
We do, but not for the iDrac7. Such as we have this one for the iDrac9, but the features listed here aren't available on the iDrac7. So the only option to keep it from being flagged is to turn it off in the iDrac7.