Researchers Warn of High-Severity Dell PowerEdge Server Flaw

2020-07-28 13:11

Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw, which if exploited could allow an attacker to fully take over and control server operations.

The web vulnerability was found in the Dell EMC iDRAC remote access controller, technology embedded within the latest versions of Dell PowerEdge servers.

The vulnerability can only be exploited if iDRAC is connected to the internet, which Dell EMC does not recommend, researchers said.

Still, researchers said that public search engines already discovered several Internet-accessible connections to iDRAC that could be exploited, as well as 500 controllers available for access using SNMP. The iDRAC controller is used by network administrators to manage key servers, "Effectively functioning as a separate computer inside the server itself," Kiguradze explained in a press statement.

To better secure Dell servers that use iDRAC, researchers recommended that customers place iDRAC on a separate administration network and don't connect the controller to the internet.

News URL

https://threatpost.com/researchers-warn-of-high-severity-dell-poweredge-server-flaw/157795/

#dell #researcher #server

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Dell		1742	98	467	311	95	971