Researchers found a web vulnerability in the Dell EMC iDRAC remote access technology embedded in the latest versions of Dell PowerEdge servers. The flaw was fixed by Dell earlier in July. Georgy Kiguradze and Mark Ermolov of Positive Technologies, who discovered it, have published a detailed analysis.
Details of the vulnerability
The path traversal vulnerability (CVE-2020-5366), found in Dell EMC iDRAC9 versions prior to 126.96.36.199, carries a severity score of 7.1. According to Dell, a remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to arbitrary files.
Georgy Kiguradze said,
“The iDRAC controller is used by network administrators to manage key servers, effectively functioning as a separate computer inside the server itself. iDRAC runs on ordinary Linux, although in a limited configuration, and has a fully-fledged file system. The vulnerability makes it possible to read any file in the controller’s operating system, and in some cases, to interfere with the operation of the controller, for instance during reading symbolic Linux devices like /dev/urandom.”
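The two failure modes described above, an arbitrary file read outside the intended directory and a read that opens a device node such as /dev/urandom, both come from one missing check in a file-serving handler. The following is an added example, not code from the article, from Dell or from Positive Technologies, and it says nothing about iDRAC's real endpoints or parameters: it uses a constructed temporary web root and a hypothetical `user_path` request parameter to show the vulnerable join-and-open pattern beside a hardened version that canonicalizes the path, confirms it is still inside the root, and refuses anything that is not a regular file.

```python
import os
import stat
import tempfile

# Constructed sandbox standing in for a web root. This is NOT iDRAC's file
# layout; it only exists so the example runs offline.
ROOT = tempfile.mkdtemp(prefix="webroot_")
with open(os.path.join(ROOT, "readme.txt"), "w") as fh:
    fh.write("public file\n")
os.mkdir(os.path.join(ROOT, "sub"))
with open(os.path.join(ROOT, "sub", "nested.txt"), "w") as fh:
    fh.write("nested file\n")
if hasattr(os, "mkfifo"):
    # A FIFO inside the root: opening it for read would block the handler,
    # the same class of problem as serving a device node.
    os.mkfifo(os.path.join(ROOT, "pipe"))


def vulnerable_read(user_path):
    """Vulnerable pattern: the request parameter is joined onto the root and
    opened with no normalisation or type check. '../' sequences walk out of
    ROOT, an absolute path makes os.path.join discard ROOT entirely, and a
    device node such as /dev/urandom is opened like any other file."""
    with open(os.path.join(ROOT, user_path), "rb") as fh:
        return fh.read(64)


def safe_read(user_path):
    """Hardened form. Resolve the final path (symlinks included), insist the
    result is still under ROOT, then insist it is a regular file so that
    directories, FIFOs and device nodes are never opened."""
    root = os.path.realpath(ROOT)
    candidate = os.path.realpath(os.path.join(ROOT, user_path))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:          # different drives on Windows
        inside = False
    if not inside:
        raise PermissionError("path escapes the web root")
    if not stat.S_ISREG(os.stat(candidate).st_mode):
        raise PermissionError("only regular files may be served")
    with open(candidate, "rb") as fh:
        return fh.read(64)


def _outcome(reader, user_path):
    """Classify what a reader does with one request parameter."""
    try:
        reader(user_path)
        return "served"
    except PermissionError:
        return "rejected"       # blocked by the hardened checks
    except OSError:
        return "error"          # e.g. the target does not exist


def compare(user_path):
    """Return (vulnerable outcome, hardened outcome) for one request."""
    return _outcome(vulnerable_read, user_path), _outcome(safe_read, user_path)


if __name__ == "__main__":
    for p in ["readme.txt", "sub/../readme.txt", "sub",
              "../../../../../../etc/hostname", "/dev/urandom", "pipe"]:
        print(f"{p!r:40} vulnerable={compare(p)[0]:9} hardened={compare(p)[1]}")
```

Note that the hardened reader rejects the escaping paths at the containment check, before touching the filesystem at all, and that a `..` which stays inside the root (`sub/../readme.txt`) is still served: the check is on the resolved location, not on the presence of `..` in the string, which is why it also catches absolute paths and symlinks that a pattern filter would miss.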
Dell EMC Best Practices regarding iDRAC:
- The iDRAC is intended to be on a separate management network. The iDRAC is not designed nor intended to be placed on, nor connected directly to the Internet. Doing so could expose the connected system to security and other risks for which Dell EMC is not responsible.
- Dell EMC recommends using the Dedicated Gigabit Ethernet port available on rack and tower servers to connect the iDRAC to a separate management network.
- Along with locating iDRAC on a separate management network, users should isolate the management subnet/vLAN with technologies such as firewalls, and limit access to the subnet/vLAN to authorized server administrators.
- Dell EMC recommends using 256-bit encryption strength as well as TLS 1.2 or higher. For tighter control, additional ciphers may be removed via “Cipher Select” – see the iDRAC User Guide for more details.
- Dell EMC recommends additional settings such as IP range filtering and System Lockdown Mode.
- Dell EMC recommends using additional security authentication options such as Microsoft Active Directory or LDAP.
- Dell EMC recommends keeping iDRAC firmware up to date.
Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell EMC, or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages.