SC Storage Customer Notification: iDRAC BMC Security
Summary: This article explains why network vulnerability scanners may report the BMC and/or iDRAC interfaces of Storage Center products as vulnerable.
Symptoms
Summary:
Network vulnerability scanners may report the BMC and/or iDRAC interfaces of Storage Center products as vulnerable.
Problem Detail:
Customers running network vulnerability scanners in their network may see reports that the BMC and/or iDRAC interfaces are vulnerable.
BMC and iDRAC firmware are part of the Storage Center Operating System (SCOS) software package and are only available for upgrade in new versions of SCOS. Extensive compatibility testing between these firmware versions and SCOS is performed to ensure that there are no issues between the operating system and the hardware monitoring software. Because of this compatibility testing, SCOS does not always run the latest versions of the BMC and iDRAC firmware, which may result in potential network security vulnerability reports.
Affected Versions:
All Storage Centers
Cause
Storage Center does not use all of the functionality of the BMC or iDRAC software, so most of the security reports are false or not applicable. To check whether a security vulnerability has been reported or addressed, go to dell.com/support.
Resolution
Workaround:
Most network switches today have management software that can enable or disable specific ports. If there is a security concern for your Storage Center that cannot be addressed by upgrading to the latest SCOS version, Dell Technologies recommends that the network switch ports connecting to the BMC or iDRAC on the Storage Center be disabled until needed.