DSA-2024-099: Security Update for Dell iDRAC9 IPMI Session Vulnerability
Dell iDRAC9 mitigation is available for predictable IPMI 2.0 session IDs that could be exploited by malicious users to compromise the affected system.
Article Content
Impact
High
Details
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2024-25943
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
For iDRAC9 mitigation, disable IPMI over LAN. IPMI is disabled by default; if it needs to be disabled, this can be done in the iDRAC web interface by navigating to iDRAC Settings -> Connectivity -> Network -> IPMI Settings.
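The following added example (not Dell's code) triages an inventory against the version thresholds and the IPMI over LAN mitigation stated above. The inventory rows, host names and status labels are constructed for illustration, and the code assumes firmware at or above the listed version is outside the affected range.

```python
# Added example: triage an iDRAC9 inventory against the DSA-2024-099 thresholds.
# Thresholds are taken from the advisory text; inventory rows are constructed.

# First firmware version outside the affected range, per server generation.
FIXED = {14: "7.00.00.172", 15: "7.10.50.00", 16: "7.10.50.00"}


def parse_version(text):
    """Turn '7.00.00.172' into (7, 0, 0, 172) so fields compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(generation, firmware, ipmi_lan_enabled):
    """Classify one host: 'exposed', 'mitigated', 'not-affected' or 'unknown'."""
    fixed = FIXED.get(generation)
    if fixed is None:
        return "unknown"  # generation not covered by the advisory text
    try:
        current = parse_version(firmware)
    except ValueError:
        return "unknown"  # do not guess; flag for manual review
    if current >= parse_version(fixed):
        return "not-affected"
    # Affected firmware: the stated mitigation is IPMI over LAN disabled.
    return "exposed" if ipmi_lan_enabled else "mitigated"


# Constructed sample rows: (host, generation, firmware, IPMI over LAN enabled)
INVENTORY = [
    ("srv-14g-a", 14, "7.00.00.171", True),
    ("srv-14g-b", 14, "7.00.00.172", True),
    ("srv-15g-a", 15, "7.9.99.99", False),
    ("srv-16g-a", 16, "7.10.50.00", False),
]


def report(rows):
    """Map each host name to its triage status."""
    return {host: triage(gen, fw, ipmi) for host, gen, fw, ipmi in rows}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as "mitigated" still run firmware in the affected range and remain candidates for the update.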