Critical path traversal vulnerability Dell PowerEdge servers can allow remote hackers to take over control of server operations
Security researchers from Positive Technologies have discovered a highly critical path traversal vulnerability in the iDRAC technology used by Dell PowerEdge servers. The vulnerability can allow potential hackers to remotely take control of the target server.
The security research team of Georgy Kiguradze and Mark Ermolov discovered the flaw and have published a detailed analysis today. The path traversal vulnerability in Dell EMC iDRAC9 versions prior to 126.96.36.199 has been given the unique identifier CVE-2020-5366 and has a severity score on 7.1/10.
An advisory by Dell says that the web vulnerability was found in the Dell EMC iDRAC remote access controller, technology embedded within the latest versions of Dell PowerEdge servers. The vulnerability allowed the potential hackers to view the content of server folders that should not be accessible even to someone who’s logged in as an ordinary site user. The vulnerability also gave the potential hacker the ability to read file /etc/passwd, which stores user information on the iDRAC Linux servers.
Any authenticated user with low privileges could potentially exploit the iDRAC flaw by manipulating input parameters to gain unauthorized read access to the arbitrary files, Dell EMC warned in its advisory.
The Positive Technologies researchers say that Dell PowerEdge server admins should put iDRAC on a separate administration network and don’t connect the controller to the internet. Companies also should isolate the administration network or VLAN (such as with a firewall) and restrict access to the subnet or VLAN to authorized server administrators only.
While Dell advisory recommends upgrading the iDRAC firmware to 188.8.131.52. If the sysadmin wants to continue with the current configuration, you should secure iDRAC against intrusion by using 256-bit encryption and TLS 1.2 or later; configuration options such as IP address range filtering and system lockdown mode; and additional authentication such as Microsoft Active Directory or LDAP.