Researchers Warn of High-Severity Dell PowerEdge Server Flaw

guest · Jul 28, 2020

Researchers Warn of High-Severity Dell PowerEdge Server Flaw
A path traversal vulnerability in the iDRAC technology can allow remote attackers to take over control of server operations
July 28, 2020
https://threatpost.com/researchers-warn-of-high-severity-dell-poweredge-server-flaw/157795/

Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw, which if exploited could allow an attacker to fully take over and control server operations.

The web vulnerability was found in the Dell EMC iDRAC remote access controller, technology embedded within the latest versions of Dell PowerEdge servers. While the vulnerability was fixed earlier in July, Georgy Kiguradze and Mark Ermolov, the researchers with Positive Technologies who discovered the flaw, published a detailed analysis, Tuesday.

The path traversal vulnerability (CVE-2020-5366), found in Dell EMC iDRAC9 versions prior to 4.20.20.20, is rated as a 7.1 in terms of exploitability, giving it a high-severity vulnerability rating, according to an advisory published online by Dell.
Click to expand...

iDRAC is designed to allow IT administrators to remotely deploy, update, monitor and maintain Dell servers without installing new software. Dell has already released an update to the iDRAC firmware that fixes the flaw and it recommends customers update as soon as possible.

“iDRAC runs on ordinary Linux, although in a limited configuration, and has a fully-fledged file system,” he said. “The vulnerability makes it possible to read any file in the controller’s operating system, and in some cases, to interfere with operation of the controller–for instance during reading symbolic Linux devices like /dev/urandom.”
Click to expand...

Positive Technologies: Dell EMC fixes iDRAC vulnerability found by Positive Technologies

Log in or Sign up

Researchers Warn of High-Severity Dell PowerEdge Server Flaw

guest Guest

Log in or Sign up

Researchers Warn of High-Severity Dell PowerEdge Server Flaw

guest Guest

Useful Searches