Dell EMC iDRAC Integrated Dell Remote Access Controller

2020

Elimination of the vulnerability allowing the malefactor to receive full control over operation of the server

On July 28, 2020 the Positive Technologies company reported that experts Georgy Kiguradze and Mark Yermolov detected dangerous web vulnerability in the server controller of remote access Dell EMC iDRAC. Its operation can lead to the fact that the malefactor will receive full control over operation of the server for its inclusion and switching off, change of settings of cooling, a power supply, etc. The Dell EMC company released the updated microprogram for the device and recommends to set it as soon as possible.

Dell EMC iDRAC

Vulnerability with identifier CVE-2020-5366 belongs to the class Path Traversal, it received assessment 7.1 that corresponds to the high level of danger. The removed authenticated malefactor with the low level of privileges can use this error to get unauthorized access for reading any files.

Despite recommendations Dell not to connect iDRAC to to the Internet, in opened search systems for July, 2020 it is already possible to detect several connections which are available from a global network that facilitates implementation attacks for the malefactor. Besides, more than 500 such controllers are available on to the protocol SNMP.

"The iDRAC controller exercises control of servers and is in fact the separate computer in the server. The device works based on the normal Linux system though which is cut down to a configuration and has the full file system. Vulnerability allows to read any file in the operating system of the controller, in some cases to interrupt for some time operation of the controller (for example, when reading character Linux devices, such as / dev/urandom), and when receiving a backup of the privileged user — to block or break operation of the server. It can be as the external attack if at attacking there are data for authorization received, for example, through search of passwords (though it is difficult as protection against search is provided in a product), and internal, from the account of the junior administrator at which access to the server is limited", 'Georgy Kiguradze, the expert of Positive Technologies noted'

"Exit out of directory limits" (Path Traversal), by Positive Technologies estimates, regularly enters in top-3 the most widespread vulnerabilities. Using Path Traversal the malefactor can browse contents of those folders on the server which should not be available to the normal user even in case of authorization on the website. Most often hackers try to read file/etc/passwd in which information on users of Linux is stored.

Vulnerabilities are subject Dell EMC iDRAC9 controllers with versions of firmwares to 4.20.20.20. For elimination of vulnerability it is necessary to set microprogram providing Dell EMC iDRAC9 v4.20.20.20, to close the standard public and private SNMP groups and to use SNMPv3 with all instructions of security.

According to Positive Technologies it is necessary to adhere to the following the practician on use of iDRAC:

• iDRAC is intended for work in separate network of management and not intended for placement and connection directly to the Internet.
• Dell EMC recommends to use the selected Gigabit Ethernet port available on servers, for connection of iDRAC to separate network of management.
• Along with placement of iDRAC in separate network of management users should isolate a subnet of management or VLAN using such technologies as firewalls and to limit access to a subnet or VLAN to the authorized administrators of servers.
• Dell EMC recommends to use 256-bit enciphering and also TLS 1.2 or above.
• Dell EMC recommends additional parameters, such as filtering of range of the IP addresses and mode of blocking of a system.
• Dell EMC recommends to use additional parameters of authentication, such as Microsoft Active Directory or LDAP.
• Dell EMC recommends to update iDRAC firmware.

Controller of remote access Dell iDRAC 9

On March 3, 2020 the company Dell Technologies presented the innovative solutions allowing customers to adapt to the changing nature data and in time to gain maximum benefit from a set of the peripheral devices located outside traditional DPC. Among such solutions: server Dell EMC PowerEdge XE2420 compact modular DPC Dell EMC Micro 415, controller of remote access Dell iDRAC 9 and Dell EMC Streaming Data Platform.

According to the producer, the updated functionality of the controller of remote access of Dell iDRAC 9 Datacenter — expands possibilities of the analysis of stream data on all servers Dell EMC PowerEdge. This option provides complete transparency of transactions on borders IT and guarantees observance of requirements to deployment, security and operation of the boundary environment.

The possibility of the remote automated deployment can reduce operating time of the administrator with each server by 99.1% in comparison with deployment manually without initial setup. The functions of stream telemetry implemented in iDRAC9 allow customers to define trends, to optimize transactions and to carry out predictive analytics at the maximum capacity, the minimum downtime and lack of risks, claim in Dell Technologies.

According to the statement of the producer, the simplified system of integration of the certificate automatically will ensure safety both on border of IT, and in DPC. About 20 reports on indicators provide nearly 2.9 million entry points of data for each server, thereby allowing an IT team of the customer to use AI technologies for development of different subprogrammes on the basis of the specific analyzed data as for one system with support of iDRAC9, and for their complex; at the same time the place of deployment does not matter.

As of March, 2020 DPCs of Dell EMC with the iDRAC9 controller are already available worldwide.