Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw, which if exploited could allow an attacker to fully take over and control server operations. The web vulnerability was found in the Dell EMC iDRAC remote access controller, technology embedded within the latest versions of Dell PowerEdge servers. The path traversal vulnerability, found in Dell EMC iDRAC9 versions prior to 18.104.22.168, is rated as a 7.1 in terms of exploitability, giving it a high-severity vulnerability rating, according to an advisory published online by Dell.
A remote, authenticated malicious user with low privileges could potentially exploit the iDRAC flaw by manipulating input parameters to gain unauthorized read access to the arbitrary files, Dell EMC warned in its advisory. Dell has already released an update to the iDRAC firmware that fixes the flaw and it recommends customers update as soon as possible. The vulnerability can only be exploited if iDRAC is connected to the internet, which Dell EMC does not recommend, researchers said.
Still, researchers said that public search engines already discovered several Internet-accessible connections to iDRAC that could be exploited, as well as 500 controllers available for access using SNMP. The iDRAC controller is used by network administrators to manage key servers. To better secure Dell servers that use iDRAC, researchers recommended that customers place iDRAC on a separate administration network and don’t connect the controller to the internet.
The Dell Security Advisory with remediation instructions can be found here: https://www.dell.com/support/article/pt-pt/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en