A vulnerability in the Integrated Dell Remote Access Controller (iDRAC) that could have allowed attackers to gain full control of server operations has been disclosed.
The controller was designed for secure local and remote server management to help IT administrators deploy, update and monitor Dell EMC PowerEdge servers.
The path traversal vulnerability, tracked as CVE-2020-5366, was discovered by researchers Georgy Kiguradze and Mark Ermolov at Positive Technologies. It carries a severity score of 7.1, which places it in the high-severity range.
By exploiting the flaw, a remote authenticated user could turn the server on or off or change its cooling or power settings. Such actions may sound relatively harmless, but they could eat into the profits of businesses already struggling as a result of the global pandemic.
“If important services are running on these servers, that could cause them to become temporarily unavailable, potentially resulting in losses for businesses,” said a Positive Technologies spokesperson.
Kiguradze said that if attackers obtained the backup of a privileged user, they could use the vulnerability to block or disrupt the server's operation.
He explained: “The iDRAC controller is used to manage key servers, effectively functioning as a separate computer inside the server itself. iDRAC runs on ordinary Linux, although in a limited configuration, and has a fully-fledged file system. The vulnerability makes it possible to read any file in the controller's operating system, and in some cases to interfere with operation of the controller (for instance during reading symbolic Linux devices like /dev/urandom).”
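The class of flaw described above is a file read that is not confined to the directory it was meant to serve, and the remark about symbolic Linux devices points at a second failure mode: a handler that opens whatever path it is given will also open device nodes such as /dev/urandom, whose reads never end. The following Python example is added here to illustrate the pattern from a defensive angle; it is not code from the article, from Positive Technologies, or from the iDRAC firmware. It places a naive file reader next to a hardened one that canonicalises the path, checks containment in the served directory, and serves only regular files of bounded size. The directory layout, file names and contents are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Constructed sample contents used by demo(); not taken from the article or from iDRAC.
PUBLIC_README = b"public firmware notes\n"
SECRET_CONTENT = b"outside-the-webroot secret\n"


class PathRejected(Exception):
    """Raised when a requested path must not be served."""


def read_file_naive(base_dir, requested):
    """Vulnerable pattern: join the request onto the base and open it.

    A request such as '../secret.txt' escapes base_dir, and a device node
    (or a symlink to one, e.g. /dev/urandom) is opened like any other file,
    so an unbounded read can stall the handler indefinitely.
    """
    with open(os.path.join(base_dir, requested), "rb") as fh:
        return fh.read()


def read_file_hardened(base_dir, requested, max_bytes=1 << 20):
    """Hardened pattern: canonicalise, confine to base_dir, serve only regular files."""
    base = os.path.realpath(base_dir)
    # realpath follows symlinks, so a link inside base that points outside
    # resolves to its real target and fails the containment check below.
    # An absolute request ('/etc/passwd') also fails, because os.path.join
    # discards base when the second argument is absolute.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise PathRejected("path escapes base directory: %r" % requested)
    st = os.stat(target)
    if not stat.S_ISREG(st.st_mode):
        # Device nodes, FIFOs and directories are never served.
        raise PathRejected("not a regular file: %r" % requested)
    if st.st_size > max_bytes:
        raise PathRejected("file too large: %r" % requested)
    with open(target, "rb") as fh:
        return fh.read(max_bytes)


def demo():
    """Build a constructed tree in a temporary directory and exercise both readers."""
    root = tempfile.mkdtemp(prefix="traversal_demo_")
    public = os.path.join(root, "public")
    os.mkdir(public)
    with open(os.path.join(public, "readme.txt"), "wb") as fh:
        fh.write(PUBLIC_README)
    with open(os.path.join(root, "secret.txt"), "wb") as fh:
        fh.write(SECRET_CONTENT)

    results = {}
    # 1. The naive reader follows '../' straight out of the served directory.
    results["naive_leaks"] = read_file_naive(public, "../secret.txt") == SECRET_CONTENT
    # 2. The hardened reader refuses the same request.
    try:
        read_file_hardened(public, "../secret.txt")
        results["hardened_blocks_traversal"] = False
    except PathRejected:
        results["hardened_blocks_traversal"] = True
    # 3. A legitimate request inside the served directory still works.
    results["hardened_reads_readme"] = read_file_hardened(public, "readme.txt")
    # 4. A symlink inside the served tree pointing at a device node is rejected:
    #    realpath resolves it to /dev/urandom, which lies outside base.
    link = os.path.join(public, "rng")
    try:
        os.symlink("/dev/urandom", link)
    except (OSError, NotImplementedError):
        results["hardened_blocks_device"] = None  # symlinks unsupported on this host
        return results
    try:
        read_file_hardened(public, "rng")
        results["hardened_blocks_device"] = False
    except PathRejected:
        results["hardened_blocks_device"] = True
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The containment check compares canonical paths rather than string prefixes, so `public` and `public2` are not confused, and the regular-file check is what keeps a handler from blocking on a device or FIFO even when the path itself is inside the served tree. When reviewing a management interface, these two checks (confinement after canonicalisation, and a file-type test before the read) are the first things to look for.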
Researchers found that the vulnerability affects Dell EMC iDRAC9 controllers with firmware versions prior to 4.20.20.20 and can be exploited internally or externally.
“This attack can be performed externally — if an attacker has credentials, perhaps by bruteforcing, although this is unlikely given the product's anti-bruteforcing protections — or internally, such as with the account of a junior admin with limited access to the server,” said Kiguradze.
iDRAC is offered as an option for almost all current Dell servers. Following the flaw’s detection, Dell EMC has released updated firmware and urges users to install it as soon as possible.
Users are advised not to connect iDRAC directly to the internet but rather to place it on a separate administration network.