A serious vulnerability existed in the DELL EMC iDRAC Controller. Exploiting the bug could allow unauthorized access to a remote attacker to execute various malicious activities.
Dell EMC iDRAC Controller Vulnerability
Researchers from Positive Technologies have caught a serious security vulnerability in the Dell EMC iDRAC remote access controller. They have shared the details of their findings in a recent blog post.
The DELL EMC iDRAC controller is an independent component of the server that works as a separate entity. It primarily manages server keys and has a full-fledged file system. Hence, a vulnerability affecting this component may allow an attacker to gain access to the server. This is particularly dangerous if the iDRAC is exposed to the internet.
Specifically, they found a path traversal vulnerability in the iDRAC controller that could allow an attacker to achieve full control of the target server. Explaining the flaw, Georgy Kiguradze, one of the researchers who discovered this flaw, said,
The vulnerability makes it possible to read any file in the controller’s operating system, and in some cases, to interfere with operation of the controller (for instance during reading symbolic Linux devices like /dev/urandom). If attackers obtain the backup of a privileged user, they can block or disrupt the server’s operation.
Regarding the ways to exploit the bug, he explained that an attacker could either gain access to the server via an authorized admin account with limited privileges. Or, accessing the server by brute-forcing credentials was also possible. Though, the latter is unlikely because of the anti-brute forcing measures of the product.
Dell Patched The Vulnerability
Following the discovery of the flaw, the researchers reached out to the vendors to inform them of the flaw. Consequently, DELL EMC acknowledged their findings in their advisory regarding the vulnerability.
As stated, this vulnerability, CVE-2020-5366, received a high-severity rating with a CVSS score of 7.1. It primarily affected Dell EMC iDRAC9 versions before 126.96.36.199. Explaining the flaw, the advisory reads,
A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
DELL EMC released the patch for this bug with iDRAC9 firmware version 188.8.131.52. They urge all users to update to the latest version to avoid any mishap.
Also, DELL shared the best practices for iDRAC in their advisory, the top of which includes segregating iDRAC from the internet.
Let us know your thoughts in the comments.