A recently disclosed vulnerability (CVE-2020-5366) in the iDRAC9 controller onboard Dell EMC PowerEdge 14th-Generation servers allows a malicious user to gain access to sensitive files located on the iDRAC, including stored user credentials.
The vulnerability uses a “Path Traversal” exploit and is rated a CVSSv3 Base Score of 7.1, indicating a severity rating of High.
“Path traversal is one of the three most common vulnerabilities researchers said that they come across in their investigations. If exploited, the flaw can allow attackers to view the content of server folders that should not be accessible even to someone who’s logged in as an ordinary site user. iDRAC runs on Linux, and the specific appeal to hackers in exploiting the vulnerability would be the ability to read the file /etc/passwd, which stores information about Linux users.“–Elizabeth Montalbano, Researchers Warn of High-Severity Dell PowerEdge Server Flaw
The vulnerability affects all versions of the iDRAC9 firmware prior to version 126.96.36.199 and is not known to affect older-generation systems at this time.
- DSA-2020-128: https://www.dell.com/support/article/en-us/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en
- CVE-2020-5366: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5366
SCTG is taking steps to mitigate this vulnerability on all internal Dell EMC 14th Generation servers and will be coordinating updates of affected dedicated servers across our customer base as soon as possible to ensure this vulnerability is resolved.
If you have any questions or concerns, feel free to contact our Service Desk at firstname.lastname@example.org.