Dell has patched a path-traversal vulnerability in the remote management web interface for its latest PowerEdge servers
The iDRAC controller is a Linux computer within the PowerEdge server which is used to remotely manage the host server – even when the host itself is powered down.
According to Dell’s security advisory:
Dell EMC iDRAC9 versions prior to 22.214.171.124 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
Remote management interfaces make life easier for Systems Administrators but must be carefully secured to prevent their abuse.
Best practices for securing remote management interfaces include:
- Isolate them on a separate management network, they are not designed nor intended to be placed on, nor connected directly to the Internet.
- Usually a dedicated Ethernet port is provided for the management interface – connect it directly to a separate management network segment which is isolated using firewalls and restricts access only to authorised users.
- Create new user accounts and disable the default vendor supplied user account (which is usually well known or easily discoverable)