A vulnerability has recently been identified in the Integrated Dell Remote Access Controller (iDRAC), which could allow attackers to gain full control of server functions. The controller is designed to securely manage local and remote servers, helping IT administrators deploy, update, and monitor Dell EMC PowerEdge servers.
The path traversal vulnerability CVE-2020-5366 was discovered by researchers Georgy Kiguradze and Mark Ermolov of Positive Technologies and has been rated with a score of 7.1 out of 10, reflecting the high degree of risk it entails.
Attackers can take advantage of this vulnerability to power the device on or off or to change its cooling or power settings. Such actions may sound relatively harmless, but they could have a significant impact on business profits, which are already under pressure from the effects of the global COVID-19 pandemic on the economy.
A spokesman for Positive Technologies said that if significant services were running on these servers, this vulnerability could make them temporarily unavailable and even lead to significant losses for businesses.
Kiguradze said that if intruders obtained the credentials of a privileged user, they could take advantage of the vulnerability to block or shut down the server. He also explained that the iDRAC controller is used to manage key servers, effectively operating as a separate computer within the server itself.
iDRAC runs Linux and has a complete file system. The vulnerability makes it possible to read any file in the controller's operating system and, in some cases, to interfere with the controller's operation.
In addition, the researchers found that the vulnerability affects Dell EMC iDRAC9 controllers with firmware versions before 220.127.116.11, and that it can be exploited either internally or externally. Specifically, Kiguradze pointed out that an attack can be carried out externally, if an intruder has credentials, perhaps obtained by brute-forcing (although this is unlikely, given the product's brute-force protection), or internally, for example from a junior admin account with limited server access.
iDRAC is offered as an option for almost all current Dell servers. After the vulnerability was discovered, Dell released updated firmware and urged users to install it as soon as possible. It also advises users not to connect iDRAC directly to the Internet, but to place it on a separate management network.