iDrac 9.8 CVE - patch yer idracs

Discussion in 'Business & Enterprise Computing' started by NSanity, May 7, 2019.

  1. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,714
    Location:
    Canberra
  2. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,537
  3. phrosty-boi

    phrosty-boi Member

    Joined:
    Jun 27, 2003
    Messages:
    1,083
    Location:
    Altona
    (hopefully) good call there Pablo
    ours aren't but did it all the same to be on the safe side here, found that one of our older servers was still on version 1.x as opposed to 2.9.x
     
  4. Matthew kane

    Matthew kane Member

    Joined:
    Jan 27, 2014
    Messages:
    2,358
    Location:
    Melbourne
    Looked into our fleet of R740xd servers and all of them running mostly 3.31 and .29 idrac lifecycle controller firmwares. Doing an update now on a couple test servers to see if it breaks anything else. Also noticed a new bios update from 2 days ago.

    Thanks,
     
  5. wullieb1

    wullieb1 Member

    Joined:
    Jul 9, 2013
    Messages:
    457
    Its not just limited to iDRAC9 either but pretty much from 6 upwards.

    Affected products:
    • Dell EMC iDRAC6 versions prior to 2.92 (CVE-2019-3705)
    • Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 (CVE-2019-3705)
    • Dell EMC iDRAC9 versions prior to 3.30.30.30, 3.20.21.20, 3.21.24.22, 3.21.26.22, 3.23.23.23, 3.24.24.24, 3.22.22.22, 3.21.25.22 (CVE-2019-3705, CVE-2019-3706, and CVE-2019-3707)
     
  6. samus

    samus Member

    Joined:
    Jun 3, 2002
    Messages:
    1,264
    Location:
    Baulkham Hills, Sydney.
    Thanks! Updated all my idracs today.
     
  7. DivHunter

    DivHunter Member

    Joined:
    May 31, 2005
    Messages:
    3,133
    Location:
    Melbourne
    I clicked in this thread thinking oh no my dracs but then realised none are connected to the internet or at all in many cases.

    Will still update.
     
  8. evilasdeath

    evilasdeath Member

    Joined:
    Jul 24, 2004
    Messages:
    4,863
    not all threats come from the internet...

    internal threats do exist and the number of people having then fully connected to an entire LAN/MAN/WAN is likely a very high percentage.
     
  9. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    5,714
    Location:
    NSW
    VLAN Baby :)
     
  10. s4mmy

    s4mmy Member

    Joined:
    May 20, 2004
    Messages:
    2,155
    Location:
    Melbourne

    This and this.
     

Share This Page

Advertisement: