The path traversal vulnerability CVE-2020-5366 carries a CVSS score of 7.1, which puts it in the High severity band. A remote, authenticated user with low privileges can exploit it to gain unauthorized access to the controller's file system and read arbitrary files.
FREMONT, CA: Positive Technologies researchers Mark Ermolov and Georgy Kiguradze have found a dangerous web vulnerability in the Dell EMC iDRAC remote access controller. An attacker who exploits it can gain full control over server operation, for example by powering the server on or off and changing settings such as cooling and power management. Dell EMC has released updated firmware and asks users to install it as soon as possible.
Although Dell recommends that iDRAC never be exposed to the Internet, and although the product is new, public search engines already index several Internet-accessible iDRAC instances, which would make exploitation easy for an external attacker. Furthermore, over 500 such controllers are reachable over SNMP.
Georgy Kiguradze explained, "The iDRAC controller is used to manage key servers, effectively functioning as a separate computer inside the server itself. iDRAC runs on ordinary Linux, although in a limited configuration, and has a fully-fledged file system. The vulnerability makes it possible to read any file in the controller's operating system, and in some cases, to interfere with operation of the controller (for instance during reading symbolic Linux devices like /dev/urandom). If attackers obtain the backup of a privileged user, they can block or disrupt the server's operation. This attack can be performed externally—if an attacker has credentials, perhaps by brute-forcing, although this is unlikely given the product's anti-brute-forcing protections—or internally, such as with the account of a junior admin with limited access to the server."
According to Positive Technologies' data, path traversal is consistently one of the three most common web vulnerabilities. It lets an attacker read files and directory contents outside the area the web application is meant to serve, including files that should not be accessible even to a logged-in ordinary user of the site.
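The following is an added example written for this page, not iDRAC's own code, showing the bug class and the fix side by side: a minimal file-serving handler that joins a user-supplied path onto a document root with no containment check, beside a hardened version that canonicalises the path, rejects anything outside the root, and, following the caveat in the quote above about special files such as /dev/urandom, refuses to serve anything that is not a regular file. The document root, the "secret" file, the symlink and the FIFO (a stand-in for a device file, since opening a FIFO for reading also blocks indefinitely) are all constructed in temporary directories; none of the names reflect the real iDRAC layout.

```python
"""Path traversal: vulnerable file handler beside a hardened one.

Illustrative code added for this article, not Dell EMC iDRAC code. The
directory layout, file names and payloads below are constructed."""
import os
import stat
import tempfile

# Constructed sandbox: a fake document root plus a sibling directory holding a
# file the handler must never serve (assumption: stands in for the controller
# files an attacker could read; the real iDRAC layout is not known from the page).
ROOT = tempfile.mkdtemp(prefix="webroot-")
OUTSIDE = tempfile.mkdtemp(prefix="private-")
with open(os.path.join(ROOT, "index.html"), "w") as fh:
    fh.write("<html>ok</html>")
with open(os.path.join(OUTSIDE, "secret.txt"), "w") as fh:
    fh.write("top secret\n")

# A FIFO inside the root: opening it for reading blocks until a writer appears,
# the same denial-of-service shape as reading a special file like /dev/urandom.
os.mkfifo(os.path.join(ROOT, "pipe"))
# A symlink inside the root that points outside it.
os.symlink(os.path.join(OUTSIDE, "secret.txt"), os.path.join(ROOT, "link.txt"))

# Constructed payloads: a relative '..' walk out of ROOT, and an absolute path.
TRAVERSAL = os.path.join("..", os.path.basename(OUTSIDE), "secret.txt")
ABSOLUTE = os.path.join(OUTSIDE, "secret.txt")


def read_file_vulnerable(root, user_path, max_bytes=64):
    """Deliberately vulnerable: the user-controlled path is joined onto the
    root with no normalisation or containment check, so '..' segments walk
    out of the directory and an absolute path discards the root entirely."""
    with open(os.path.join(root, user_path), "rb") as fh:
        return fh.read(max_bytes)


def read_file_hardened(root, user_path, max_bytes=64):
    """Canonicalise first, then allow only regular files strictly inside root."""
    real_root = os.path.realpath(root)
    # realpath resolves '..' segments and symlinks; an absolute user_path
    # replaces real_root in join() and is caught by the containment check.
    candidate = os.path.realpath(os.path.join(real_root, user_path))
    # commonpath, not startswith: '/srv/www-evil' must not match '/srv/www'.
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PermissionError("path escapes document root: %r" % user_path)
    # Only regular files are served. Devices, FIFOs and sockets can block the
    # reader indefinitely (the /dev/urandom interference noted in the article).
    if not stat.S_ISREG(os.stat(candidate).st_mode):
        raise PermissionError("not a regular file: %r" % user_path)
    with open(candidate, "rb") as fh:
        return fh.read(max_bytes)


def is_rejected(handler, root, user_path):
    """True if the handler refuses the request with PermissionError."""
    try:
        handler(root, user_path)
    except PermissionError:
        return True
    return False


def run_demo():
    """Exercise both handlers against the constructed payloads."""
    return {
        "vuln_traversal": read_file_vulnerable(ROOT, TRAVERSAL),
        "vuln_absolute": read_file_vulnerable(ROOT, ABSOLUTE),
        "vuln_symlink": read_file_vulnerable(ROOT, "link.txt"),
        "hard_normal": read_file_hardened(ROOT, "index.html"),
        "hard_traversal_rejected": is_rejected(read_file_hardened, ROOT, TRAVERSAL),
        "hard_absolute_rejected": is_rejected(read_file_hardened, ROOT, ABSOLUTE),
        "hard_symlink_rejected": is_rejected(read_file_hardened, ROOT, "link.txt"),
        "hard_fifo_rejected": is_rejected(read_file_hardened, ROOT, "pipe"),
        "hard_dir_rejected": is_rejected(read_file_hardened, ROOT, "."),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print("%-25s %r" % (name, value))
```

The order of the two checks matters: containment is tested on the fully resolved path, so a symlink or a `..` sequence that escapes the root is rejected before any `stat()` or `open()` touches the target, and the regular-file test runs before `open()`, so a FIFO or device inside the root is refused without the handler ever blocking on it.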