Unsolved
This post is more than 5 years old
6 Posts
0
3813
June 21st, 2016 02:00
SSL v3 Idrac7
Hi,
I have a SSL v3 vulnerability on my Idrac 7. I have found the and installed the latest firmware ( iDRAC7 1.66.65), but the vulnerability still exist.
Is the DRAC7 1.66.65 firmware the latest ?
Kind regards
Jeroen Louwers
0 events found
No Events found!
DELL-Chris H
7 Practitioner
•
9.7K Posts
•
48K Points
0
June 21st, 2016 09:00
Jeroenlouwers,
Version 1.66.65 is indeed the most recent version of the iDrac7 firmware. Could you clarify the specific vulnerability that you are seeing on the server?
Let me know.
DELL-Shine K
6 Operator
•
3K Posts
1
June 21st, 2016 21:00
You can install 2.30.30.30 firmware on the server and check the behavior. You can download 2.30.30.30 firmware from below link
www.dell.com/.../DriversDetails
jeroenlouwers
6 Posts
0
June 22nd, 2016 01:00
Hi Chris,
Thanks for your response
The company I work for, do vulnerability scanning, In the output I get , SSLv3 is supported with in the DRAC7 . I need to disable SSL v3.
I had the same issue with iDrac 6, but with the latest patch ( iDRAC6 1.99.06 Rev A00) SSl v3 is now disabled
How can I disable SSL v3 within iDrac 7 ?
Kind regards.
Jeroen
DELL-Chris H
7 Practitioner
•
9.7K Posts
•
48K Points
0
June 24th, 2016 10:00
Page 74 here will go into disabling SSL encryption with the VNC.
Now on a side note DRAC’s are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the internet.
This was the response to the vulnerability that Dell released as well.