Unsolved
2 Posts
0
2883
Vulnerability Monitoring
I currently work for a client using several of Dell products, and am wondering if there were a designated place to check for vulnerabilities in the product (hardware/software/firmware) that might be exploited to cause issues with the product.
For example, if we use Dell R640 PowerEdge Server – is there a place where I can look this up to see if there is any security vulnerabilities or errata surrounding it? Ideally, this would be some sort of XML feed or API, but even just a manual solution would be great.
I tried searching on your Security Advisories and Notices (https://www.dell.com/support/security/en-us/) for R640 and found nothing even though when I Googled it, I was lead here where R640 was listed. What is the best way to monitor for a product’s vulnerabilities
Any help or advice appreciated
James
Brian Piatt
67 Posts
0
September 25th, 2019 08:00
@James Paul
I appreciate your thoroughness in explaining the situation. I have forwarded an enhancement request to the PSIRT team to include model search abilities to https://www.dell.com/support/security/en-us/. With any enhancement, I can't guarantee it will move into production, but shows active interest by customers.
In the meantime, it seems you already discovered the stop-gap I would recommend. If you search ("model number" cve) in google, it tends to show up as the top-hit for several different devices with the correct articles. The one downside to this method is that it can take google metacrawlers some time to process or update an article for searchability. It's important to also include the model number in quotes as I found in my testing the links could go lower in the stack if typing without the quotes.
Let me know if you have any other questions or concerns I can assist you with.
-Brian
L4 | Dell Data Security
#IWork4Dell
James Paul
2 Posts
0
September 25th, 2019 14:00
Thanks for the quick response Brian. A couple follow up questions:
Do you know how where vulnerabilities are for rpm's from OMSA such as:
srvadmin-hapi-7.2.0-4.237.1.el6.x86_64.rpm
srvadmin-idrac-7.2.0-4.481.2.el6.x86_64.rpm
I've looked through the CSV that is published but I'm having trouble matching package names myself, and trying to do it programmatically would be even more challenging. Combing through I found the following in DSA-2019-028 but I'm having trouble confirming that those iDRAC packages are actually referring to my iDRAC packages :
Affected products:
Brian Piatt
67 Posts
0
September 26th, 2019 13:00
@James Paul
Disclaimer: My specialization is with the Dell Data Security Product Portfolio. I would suggest reaching out to ProSupport if the information below isn't sufficient.
When looking at up some of the CVE you listed, it appears I can cross reference it with How to Identify the iDRAC Version for Your Dell PowerEdge Server. Here is a forum post on how you potentially can get this information via command: Determine DRAC version from RACADM
According to HERE It also appears you can find this version of the DRAC model by:
"This information can be found by booting into the LifeCycle Controller (LCC) or within the iDRAC web interface using a supported browser and iDRAC IP address. Under server information, the iDRAC firmware version will be displayed."
Looking at the web interface it appears there is an About section you can look at it too.
After you have that information you should be able to compare against the CVE. I hope this answers your question.
Let me know if I can be of any further help.
-Brian
L4 | Dell Data Security #IWork4Dell
cyberoner1
1 Message
0
September 1st, 2020 04:00
Good day,
I found this thread as I was looking for neary the same situation. I would like to know if there is the posibillty to download the fiel via api and is it possible to add the product to the output?