IT workers Jon Sands and Adam Nielsen have disclosed their discovery of a vulnerability in the Dell iDRAC baseboard management controller firmware (archived). The vulnerability, as they discovered it, affects 12th and 13th generation Dell PowerEdge servers and allows attackers to place their own persistent linux installation on the baseboard management controller from which they own the machine. The limitations of the attack's scope as Sands and Nielsen have documented it does not suggest other versions of iDRAC are more secure. As a class, baseboard management controllers are hazardous.