Dell iDRAC Vulnerability

Dell iDRAC Vulnerability Detected!

Sept 17, 2020

Organizations with Dell servers that have iDRAC9 controllers are being encouraged to upgrade the controller firmware.

A path traversal vulnerability has been disclosed in iDRAC9 controllers. An attacker who holds valid iDRAC credentials, even a low-privileged account, can exploit it over the network to read arbitrary files from the controller. Because iDRAC provides out-of-band control of the host (power, remote console, configuration), such a foothold can lead to data exposure, disruption of services, and unavailability of server resources, any of which would seriously impact business operations.

This vulnerability affects Dell EMC iDRAC9 controllers running firmware versions prior to 4.20.20.20; the fix ships in 4.20.20.20 and later. It can be exploited both from inside the network and remotely, as long as the attacker has working iDRAC credentials.

“This attack can be performed externally — if an attacker has credentials, perhaps by brute-forcing, although this is unlikely given the product's anti-brute-forcing protections — or internally, such as with the account of a junior admin with limited access to the server,” said Kiguradze.

The path traversal vulnerability, tracked as CVE-2020-5366, was discovered by researchers Georgy Kiguradze and Mark Ermolov of Positive Technologies. It carries a CVSS base score of 7.1 (High).

If you have not updated iDRAC recently, we encourage all organizations running servers with iDRAC9 controllers to update to firmware 4.20.20.20 or later.
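Before scheduling the upgrade, a quick way to confirm which controllers are still exposed is to read the firmware version iDRAC9 reports over its Redfish interface and compare it numerically with the fixed release. The script below is an added example written for this notice, not Dell's tooling: it assumes the standard iDRAC9 Redfish Manager path /redfish/v1/Managers/iDRAC.Embedded.1 and its FirmwareVersion field, and when no host is given it runs offline against a constructed sample response.

```python
"""Check whether an iDRAC9 firmware version is affected by CVE-2020-5366.

Added example for this notice (not Dell code). It compares the reported
firmware version against the fixed release 4.20.20.20 numerically, not
lexically, and can optionally read the version from the controller's
Redfish Manager resource.
"""
import base64
import json
import re
import ssl
import sys
import urllib.request
from typing import Optional, Tuple

FIXED_VERSION = "4.20.20.20"  # first iDRAC9 release carrying the CVE-2020-5366 fix

# Assumed standard iDRAC9 Redfish path that reports the controller firmware.
MANAGER_PATH = "/redfish/v1/Managers/iDRAC.Embedded.1"

# Constructed sample of a Redfish Manager response, trimmed to the fields used here.
SAMPLE_MANAGER_JSON = json.dumps({
    "@odata.id": MANAGER_PATH,
    "Id": "iDRAC.Embedded.1",
    "FirmwareVersion": "4.10.10.10",
})


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.20.20.20' into (4, 20, 20, 20).

    Only the leading dotted numeric part is used, so a trailing build tag such
    as '4.20.20.20 (Build 5)' still parses. Comparing tuples of ints avoids the
    lexical trap where the string '4.9.9.9' sorts after '4.20.20.20'.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: str) -> bool:
    """True when the firmware is older than the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def firmware_version_from_manager_json(text: str) -> str:
    """Extract FirmwareVersion from a Redfish Manager resource body."""
    data = json.loads(text)
    if "FirmwareVersion" not in data:
        raise ValueError("Redfish Manager resource has no FirmwareVersion field")
    return data["FirmwareVersion"]


def fetch_manager_json(host: str, user: str, password: str,
                       cafile: Optional[str] = None) -> str:
    """Fetch the Manager resource over HTTPS with HTTP basic auth.

    TLS verification stays on: supply the CA that signed the iDRAC's
    certificate via cafile instead of disabling verification for a
    management interface.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}{MANAGER_PATH}",
        headers={"Authorization": f"Basic {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return resp.read().decode()


def assess(manager_json: str) -> dict:
    """Return the reported version and the verdict for one controller."""
    version = firmware_version_from_manager_json(manager_json)
    return {
        "firmware": version,
        "fixed_in": FIXED_VERSION,
        "vulnerable_to_cve_2020_5366": is_vulnerable(version),
    }


if __name__ == "__main__":
    if len(sys.argv) == 4:
        # usage: python idrac_check.py <idrac-host> <user> <password>
        body = fetch_manager_json(sys.argv[1], sys.argv[2], sys.argv[3])
    else:
        body = SAMPLE_MANAGER_JSON  # offline run against the constructed sample
    print(json.dumps(assess(body), indent=2))
```

Run it with the iDRAC host, a user and a password to query a live controller, or with no arguments to see the verdict for the constructed sample. The same version string is also available locally from the controller via racadm getversion, and the is_vulnerable() comparison applies to that output as well.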


If you have any questions please call into our helpdesk line or send us an email at info@tekleap.com