Security vulnerabilities in iDRAC8/9 software put Dell servers at risk

Multiple vulnerabilities existed in the iDRAC8 and iDRAC9 management software used on Dell servers. A stack buffer overflow allowed remote attackers to control process execution and gain access to the underlying operating system. Dell has since closed these vulnerabilities.

What is Dell iDRAC?

The Dell Remote Access Controller (DRAC) is an out-of-band management platform on certain Dell servers. The platform can be deployed on a separate expansion card or integrated into the motherboard. If the platform is integrated, it is referred to as iDRAC. Dell writes here that the integrated Dell Remote Access Controller (iDRAC) is designed for secure management of servers. This management can be done either locally or remotely. It allows IT administrators to provision, update and monitor (telemetry, thermal management, server management, etc.) Dell EMC PowerEdge servers, regardless of location or time.

Mitre warning about CVE-2021-36301

On November 23, 2021, CVE-Report warned in this tweet of vulnerabilities in Dell iDRAC 9 before version 4.40.40.00 and iDRAC 8 before version 2.80.80.80.

CVE-2021-36301 in Dell iDRAC8/9

A stack buffer overflow in Racadm on older iDRAC versions could allow a remote attacker to control process execution and gain access to the underlying operating system. Dell has published the support article DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities on this and rates the vulnerabilities as high or critical. The support post lists all four vulnerabilities found so far with their CVSS Base Score and a description of the affected iDRAC software versions. The Dell page also contains links to the required updates for the iDRAC versions.
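Since the advisory names the fixed firmware versions (iDRAC9 4.40.40.00, iDRAC8 2.80.80.80), the practical first step for an administrator is to find which servers still run older firmware. The following script is an added example, not code from Dell or from this post: it compares dotted firmware strings numerically (so that 4.9.x is correctly treated as older than 4.40.x) and reports the hosts that are below the fixed version for their generation. The inventory list is constructed sample data; in practice the generation and version would come from your own inventory, for instance the FirmwareVersion field of the iDRAC's Redfish Manager resource.

```python
"""Check iDRAC firmware versions from an inventory against the fixed
releases named on this page (DSA-2021-177): iDRAC9 4.40.40.00 and
iDRAC8 2.80.80.80. Added example; the inventory below is constructed."""
import re
from typing import Dict, List, Tuple

# Fixed versions as stated in the post / DSA-2021-177.
FIXED_VERSIONS = {
    "iDRAC9": "4.40.40.00",
    "iDRAC8": "2.80.80.80",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted firmware string such as '4.40.40.00' into a tuple of
    integers so that comparison is numeric, not lexical. Anything that is
    not dotted digits is rejected instead of being silently misread."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_affected(generation: str, version: str) -> bool:
    """True when the installed firmware is older than the fixed release
    for its iDRAC generation. An unknown generation raises rather than
    being reported as 'not affected'."""
    if generation not in FIXED_VERSIONS:
        raise ValueError(f"no fixed version known for {generation!r}")
    return parse_version(version) < parse_version(FIXED_VERSIONS[generation])


def audit(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the hostnames whose iDRAC still runs affected firmware.
    The entry shape (host, generation, version) is an assumption of this
    example; populate it from whatever inventory source you already have."""
    return [
        entry["host"]
        for entry in inventory
        if is_affected(entry["generation"], entry["version"])
    ]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "r740-01", "generation": "iDRAC9", "version": "4.40.10.00"},
    {"host": "r740-02", "generation": "iDRAC9", "version": "4.40.40.00"},
    {"host": "r740-03", "generation": "iDRAC9", "version": "4.9.9.9"},
    {"host": "r730-01", "generation": "iDRAC8", "version": "2.75.75.75"},
    {"host": "r730-02", "generation": "iDRAC8", "version": "2.82.82.82"},
]

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: iDRAC firmware below the fixed version, update per DSA-2021-177")
```

Hosts that the script lists should be scheduled for the firmware update linked from Dell's support article; hosts at or above the fixed version are not flagged.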

Workaround to mitigate the problem

Those who cannot update immediately can reduce their exposure through a configuration change: Dell states that CVE-2021-20235 is mitigated in Dell EMC iDRAC9 when the Group Manager feature is disabled. For the configuration steps for Group Manager, see the iDRAC9 Security Configuration Guide.
