Sunday, February 21, 22:22
Home security Dell fixes critical vulnerability found on iDRAC controller!

Dell fixes critical vulnerability found on iDRAC controller!

A vulnerability has recently been identified in the Dell Built-in Remote Access Controller (iDRAC), which could allow hackers to gain full control of the functions servers. The controller was designed to securely manage local and remote servers to help IT administrators deploy, update, and monitor Dell EMC PowerEdge servers.


Η Path Traversal vulnerability CVE-2020-5366 was discovered by researchers Georgy Kiguradze and Mark Ermolov Positive Technologies and has been rated with a score of 7.1 out of 10, which proves the high degree of risk that this entails.

DELL iDRAC

Hackers can take advantage of this vulnerability and turn the product on or off or change the cooling or power settings. Such actions may sound relatively harmless, but they could potentially have a significant impact on business profits, which are already facing the effects of the global pandemic. COVID-19 in economy.

A spokesman for Positive Technologies said that if significant services were running on these servers, this vulnerability could make them temporarily unavailable and even lead to significant losses for businesses.

Kiguradze said that if intruders obtained the backup of a privileged user, they could take advantage of the vulnerability to block or shut down the server. He also explained that the iDRAC controller is used to manage key servers, effectively operating as a separate computer within the server itself.

vulnerability-hackers

IDRAC is running Linux and has a complete system files. The vulnerability makes it possible to read any file in the controller operating system and, in some cases, to interfere with the controller operation.

In addition, the researchers found that vulnerability affects controllers Dell EMC iDRAC9 with publications firmware before 4.20.20.20, while it can be used internally or externally. Specifically, Kiguradze pointed out that one attack can be executed externally - if an intruder has credentials, maybe with bruteforcing (although this is almost unlikely to happen, given the protection against product bruteforcing) or internally, as with a junior admin account with limited server access.

IDRAC is offered as an option for almost all current Dell servers. After detecting it vulnerability, Dell has released updated firmware urging users to install it as soon as possible. It also advises users not to connect iDRAC directly to the Internet, but to place it on a separate management network.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...