Servers running Dell’s EMC iDRAC8 and EMC iDRAC9 software are open to attack. If a DoS attack succeeds, for example, servers may become inaccessible. Admins should install the available security updates as soon as possible.
Using the iDRAC software, admins can remotely access and manage servers, for example to perform updates.
As the advisory indicates, the developers have closed a total of four security holes. The vulnerability rated most dangerous (CVE-2021-20235, "high") relates to the ZeroMQ messaging library. Remote attackers could exploit it without logging in and, if CURVE/ZAP authentication is not enabled, trigger memory errors that endanger data integrity, among other things.
By successfully exploiting another loophole (CVE-2021-36299, "high"), remote but authenticated attackers could, according to Dell, disrupt vulnerable systems with prepared queries. This could lead to DoS conditions; disclosure of information is also conceivable. Version 4.40.00.00 is affected. Versions 4.40.29.00 and 5.00.00.00 should be protected against such attacks.
Further vulnerabilities
Two other vulnerabilities (CVE-2021-36300, "medium", and CVE-2021-36301, "medium") could serve as entry points for unauthorized file access and access to the operating system. In both cases this should be possible remotely and without authentication. Here, too, versions 4.40.29.00, 5.00.00.00 and 5.00.10.00 provide a remedy. If iDRAC8 is still in use, updating to 22.214.171.124 will help.
According to the developers, admins who are currently unable to install the updates can temporarily protect servers from attacks on CVE-2021-20235 by deactivating the Group Manager feature in iDRAC9.