Dell iDRAC BMC Vulnerability Discovered

IT workers Jon Sands and Adam Nielsen have disclosed their discovery of a vulnerability in the Dell iDRAC baseboard management controller firmware (archived). The vulnerability, as they discovered it, affects 12th and 13th generation Dell PowerEdge servers and allows attackers to place their own persistent Linux installation on the baseboard management controller, from which they own the machine. The limitations of the attack's scope as Sands and Nielsen have documented it do not suggest that other versions of iDRAC are more secure. As a class, baseboard management controllers are hazardous.
