Hackers could exploit iDRAC flaw to control Dell EMC PowerEdge servers


Dell issued a patch for a path traversal vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could allow attackers to obtain full control of server operations.

The vulnerability carries a CVSS score of 7.1, which places it in the high-severity band. iDRAC is the out-of-band management controller built into Dell EMC PowerEdge servers; it is designed to let IT administrators deploy, update and monitor servers locally and remotely, which is exactly why a flaw in it reaches so far.

A path traversal flaw lets an attacker escape the directory a web application is supposed to serve from and read other files on the system; in this case the researchers showed that it could be used to read a file that stores data on the controller's Linux users, of the kind /etc/passwd holds. Just last week, Cisco urged organizations to apply its patch for a high-severity directory traversal vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software firewalls, a flaw that is being actively exploited in the wild.
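The bug class described above is easy to reproduce. The following is an added example, not Dell's or Cisco's code, and says nothing about how iDRAC's own handler is written: it builds a throwaway "web root" with one legitimate file, plus a constructed stand-in for /etc/passwd outside that root, and then contrasts three file-serving handlers. The naive one simply joins the requested name onto the root; a string-blacklist one rejects a literal `../` but is bypassed by the URL-encoded form `%2e%2e/`; the hardened one decodes, canonicalises with `os.path.realpath`, and refuses anything that does not resolve inside the root. All file names and directory names here are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote

# Constructed sandbox (hypothetical paths, created fresh each run):
# ROOT is the directory the handler is allowed to serve from;
# OUTSIDE is a sibling directory the handler must never reach.
ROOT = tempfile.mkdtemp(prefix="webroot-")
OUTSIDE = tempfile.mkdtemp(prefix="outside-")

with open(os.path.join(ROOT, "index.html"), "w") as fh:
    fh.write("<h1>hello</h1>")
with open(os.path.join(OUTSIDE, "passwd"), "w") as fh:
    # Constructed content standing in for a real /etc/passwd line.
    fh.write("root:x:0:0:root:/root:/bin/sh\n")

# Two traversal payloads that climb out of ROOT into OUTSIDE.
TRAVERSAL = "../" + os.path.basename(OUTSIDE) + "/passwd"
ENCODED_TRAVERSAL = "%2e%2e/" + os.path.basename(OUTSIDE) + "/passwd"


def read_file_vulnerable(requested: str) -> str:
    """Naive handler: decodes the request and joins it onto ROOT.
    Nothing stops '..' segments from walking above ROOT."""
    path = os.path.join(ROOT, unquote(requested))
    with open(path) as fh:
        return fh.read()


def read_file_blacklist(requested: str) -> str:
    """Handler that 'fixes' the bug by rejecting '../' in the raw request.
    The check runs before URL decoding, so '%2e%2e/' slips through."""
    if "../" in requested or "..\\" in requested:
        raise PermissionError("rejected by blacklist: %r" % requested)
    path = os.path.join(ROOT, unquote(requested))
    with open(path) as fh:
        return fh.read()


def resolve_within_root(requested: str):
    """Decode, canonicalise, and return the absolute path if it lies inside
    ROOT, otherwise None. realpath collapses '..' and follows symlinks, so
    the containment check is made on the path the OS would actually open."""
    root = os.path.realpath(ROOT)
    candidate = os.path.realpath(os.path.join(root, unquote(requested)))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def read_file_hardened(requested: str) -> str:
    """Hardened handler: serve only paths that canonicalise inside ROOT."""
    path = resolve_within_root(requested)
    if path is None:
        raise PermissionError("path traversal rejected: %r" % requested)
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    print("vulnerable:", read_file_vulnerable(TRAVERSAL).strip())
    print("blacklist bypassed:", read_file_blacklist(ENCODED_TRAVERSAL).strip())
    print("hardened, legit file:", read_file_hardened("index.html"))
    for payload in (TRAVERSAL, ENCODED_TRAVERSAL):
        try:
            read_file_hardened(payload)
        except PermissionError as exc:
            print("hardened rejected:", exc)
```

The point of the blacklist handler is the caveat a practitioner will want: filtering the request string for `../` is not a fix, because encodings, double encodings and backslashes all produce the same path after decoding. Canonicalising the final path and checking that it still starts with the allowed root is the check that holds regardless of how the input was spelled.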

More than 500 iDRAC controllers are reachable over SNMP, the standard protocol for administering devices on IP networks, according to a Positive Technologies blog post. An out-of-band management controller is meant to live on an isolated management network, so any controller that can be reached from outside that network widens the set of attackers who could try a flaw like this one.

Dell credited Positive Technologies in its patch announcement for discovering the flaw, which allowed an attacker to power Dell EMC PowerEdge servers on or off, or change their cooling settings.
