DSA-2024-099: Security Update for Dell iDRAC9 IPMI Session Vulnerability
Dell iDRAC9 mitigation is available for predictable IPMI 2.0 session IDs that could be exploited by malicious users to compromise the affected system.
Impact
High
Details
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2024-25943
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
For iDRAC9 mitigation, disable IPMI over LAN. IPMI is disabled by default, but if required, it can be disabled in the iDRAC web interface by navigating to iDRAC Settings -> Connectivity -> Network -> IPMI Settings.
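
The version thresholds and the mitigation above can be applied across a fleet with a short triage script. This is an added example, not Dell code: the inventory format, host names, sample firmware versions and status labels are constructed assumptions, and only the two fixed-version thresholds come from this advisory.

```python
# Added example: triage an iDRAC9 inventory against DSA-2024-099 (CVE-2024-25943).
# The inventory rows below are constructed sample data, not real hosts.
import csv
import io

# First fixed firmware per PowerEdge generation, as stated in the advisory.
FIXED = {14: (7, 0, 0, 172), 15: (7, 10, 50, 0), 16: (7, 10, 50, 0)}

SAMPLE_INVENTORY = """host,generation,firmware,ipmi_over_lan
idrac-a.example,14,6.10.80.00,enabled
idrac-b.example,14,7.00.00.172,enabled
idrac-c.example,15,7.00.60.00,disabled
idrac-d.example,16,7.10.50.00,disabled
idrac-e.example,15,7.10.30.05,enabled
idrac-f.example,16,unknown,enabled
"""

def parse_version(text):
    """Turn '7.00.00.172' into (7, 0, 0, 172); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised iDRAC9 version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(generation, firmware, ipmi_over_lan):
    """Return one of: 'patched', 'mitigated', 'exposed', 'review'."""
    try:
        fixed = FIXED[int(generation)]
        version = parse_version(firmware)
    except (KeyError, ValueError):
        return "review"  # unknown generation or version: check by hand
    if version >= fixed:
        return "patched"
    # Below the fixed release: the advisory's mitigation is IPMI over LAN off.
    return "mitigated" if ipmi_over_lan.strip().lower() == "disabled" else "exposed"

def triage(inventory_csv):
    """Map each host in the CSV inventory to its status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["generation"], r["firmware"], r["ipmi_over_lan"])
            for r in rows}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status:10} {host}")
```

Hosts reported as "exposed" run firmware below the fixed release with IPMI over LAN enabled; "review" marks rows whose generation or version could not be parsed.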