Researchers Warn of High-Severity Dell PowerEdge Server Flaw
2020-07-28 13:11

Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw which, if exploited, could allow an attacker to fully take over and control server operations.

The web vulnerability was found in the Dell EMC iDRAC remote access controller, a technology embedded within the latest versions of Dell PowerEdge servers.

The vulnerability can only be exploited if iDRAC is connected to the internet, which Dell EMC does not recommend, researchers said.

Still, researchers said that public search engines have already discovered several Internet-accessible connections to iDRAC that could be exploited, as well as 500 controllers available for access using SNMP. The iDRAC controller is used by network administrators to manage key servers, "effectively functioning as a separate computer inside the server itself," Kiguradze explained in a press statement.

To better secure Dell servers that use iDRAC, researchers recommended that customers place iDRAC on a separate administration network and not connect the controller to the internet.


News URL

https://threatpost.com/researchers-warn-of-high-severity-dell-poweredge-server-flaw/157795/

Related vendor

LAST 12M

VENDOR  #/PRODUCTS  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Dell    1664        29   431     411   109       980