March 16th, 2018 12:00

Vulnerabilities

Looking for remediations for the vulnerabilities below. These were addressed by our security in the recent scan for iDRAC 6.

 

1) VNC remote control service installed

2) IPMI 2.0 Cipher Type Zero Authentication Bypass Vulnerability

 

Thanks in Advance

 

 

Moderator

March 16th, 2018 15:00

Hello

Please send a private message with your service tag to ensure we have all appropriate information on your system.

Thanks

Moderator

March 20th, 2018 09:00

Thank you for the service tag.

You can disable VNC in the iDRAC. Instructions for performing management tasks should be in the manual.

Cipher 0 is enabled by default, so the iDRAC does not require a user/pass when accessed via RACADM or IPMI from the host OS. You can disable cipher 0 via a RACADM command. There is a CLI guide in the manual section of the iDRAC page, and there is a security article that has information about cipher 0.

www.dell.com/support/home/product-support/product/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95/

www.dell.com/support/article/sln156429/

No, you can't upgrade or downgrade an iDRAC. The iDRAC 6 is the only version of the iDRAC that will work in the R310.

Thanks
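
To confirm after remediation that cipher suite 0 is no longer usable, the check below parses the cipher suite fields from `ipmitool lan print` output. It is an added example, not part of the thread or of Dell's documentation; it assumes ipmitool is available (the thread does not mention it), and the sample output is constructed.

```python
import re

# Constructed excerpt in the layout of `ipmitool lan print 1` (not from a real system).
SAMPLE = """\
IP Address Source       : Static Address
RMCP+ Cipher Suites     : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14
Cipher Suite Priv Max   : {privs}
                        :     X=Cipher Suite Unused
                        :     a=ADMIN
"""
SAMPLE_SUITE0_ADMIN = SAMPLE.format(privs="a" * 15)         # suite 0 usable
SAMPLE_SUITE0_UNUSED = SAMPLE.format(privs="X" + "a" * 14)  # suite 0 disabled

# Privilege letters as printed in ipmitool's legend.
PRIV_NAMES = {"X": "unused", "c": "CALLBACK", "u": "USER",
              "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}


def _field(output, name):
    """Return the value of a 'Name : value' line, or None if absent."""
    m = re.search(r"^%s\s*:\s*(\S.*?)\s*$" % re.escape(name), output, re.M)
    return m.group(1) if m else None


def cipher_suite_privs(output):
    """Map each advertised cipher suite ID to its maximum privilege name."""
    suites = _field(output, "RMCP+ Cipher Suites")
    privs = _field(output, "Cipher Suite Priv Max")
    if suites is None or privs is None:
        raise ValueError("cipher suite fields not found in output")
    ids = [int(s) for s in suites.split(",") if s.strip()]
    # Assumption: the Nth privilege character applies to the Nth listed suite.
    return {i: PRIV_NAMES.get(p, "unknown:" + p) for i, p in zip(ids, privs)}


def cipher_zero_enabled(output):
    """True if suite 0 is advertised with any privilege other than 'unused'."""
    return cipher_suite_privs(output).get(0, "unused") != "unused"


if __name__ == "__main__":
    for label, text in (("suite 0 = a", SAMPLE_SUITE0_ADMIN),
                        ("suite 0 = X", SAMPLE_SUITE0_UNUSED)):
        state = "ENABLED" if cipher_zero_enabled(text) else "disabled"
        print(label, "-> cipher zero", state)
```

Feed the function the captured output for each LAN channel and rerun the security scan afterwards to confirm the finding clears.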
