1 Rookie • 51 Posts

April 1st, 2015 12:00

Can you please send me the info also about the vulnerabilities for the DRAC and OpenSSL? Our auditors are hounding us for results. I have not seen any updates for a DRAC 5 in a very long time and the latest firmwares for both DRAC 6 and DRAC 7 still show as vulnerable.

4 Posts

April 2nd, 2015 14:00

I'm having the same issue.  I've applied the latest iDRAC7 firmware - 1.66.65 (Build 07), but the iDRAC is still showing up as vulnerable for these CVEs.

When will an updated firmware be released?

April 21st, 2015 14:00

New firmware available 2.10.10.10

This release supports both iDRAC7 and iDRAC8

http://en.community.dell.com/techcenter/systems-management/w/wiki/7526.idrac7-home

2 Posts

May 20th, 2015 17:00

I also need firmware to resolve CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470, CVE-2014-0076 on a number of DRAC5 and iDRAC6.  It is being picked up by Qualys QID 38602.  Please email me a link to the fix and/or any updated information on this issue.

2 Posts

July 15th, 2015 11:00

We have verified firmware 3.75 released 25 Jun 2015 fixes it on iDRAC 6.  Thanks Dell!

http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverid=GR09H

2 Posts

September 9th, 2015 15:00

I am using iDRAC 7. Has Dell confirmed that version 1.66.65 or 2.10.10.10 fixes the issue?

6 Posts

September 24th, 2015 10:00

I was running 2.10.10.10 for the last few months and just upgraded to 2.20.20.20.  I've not had any failed scans since the 2.10.10.10 update.

You probably also want to set your SSL encryption to 256-bit if you haven't done so.  Something was getting flagged for that too until I changed it.

GUI login, iDRAC Settings, Network, Services, Web Server SSL Encryption and set to 256-bit or higher option.

I just upgraded some of my self-signed certificates to CA signed, 2048-bit SHA-2 certificates.  While I'm not getting scan errors (yet), my browsers complain that the ciphers are obsolete.  I don't see any way to change those settings with GUI or racadm.

2 Posts

September 30th, 2015 17:00

Thanks. It worked.

1 Rookie • 14 Posts

October 6th, 2015 11:00

We had similar warnings from our security scans for other servers.  The vulnerability that was reported only existed if a deprecated command is available and it was not used on our systems. 

1 Message

December 23rd, 2015 13:00

This issue is coming up again. What is the status?

1 Message

May 23rd, 2016 12:00

Hi.  Can you also email the information to me? Thanks. grbergamini@gmail.com

1 Message

October 13th, 2016 12:00

Hello, I need the email as well please.
