PowerEdge:XC - 安全性掃描可能會回報 iDRAC 的 CVE-2013-4786 漏洞。
Summary: 針對 XC 系列解決方案執行的安全性掃描可能會回報 iDRAC 的 CVE-2013-4786 漏洞。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
IPMI 2.0 是部署在 iDRAC 上的規格。如果客戶需要使用,則 Dell 建議僅允許來自安全網路的存取。
注意:我們出貨的伺服器預設為停用 IPMI。
以下為 CVE 的連結: https://nvd.nist.gov/vuln/detail/CVE-2013-4786
站得住腳的解釋和緩解措施:
https://www.tenable.com/plugins/index.php?view=single&id=80101
引用:
此漏洞沒有修補程式;這是IPMI v2.0規範的固有問題。
風險降低:
如果不需要,請停用 IPMI。
使用強密碼來限制離線字典攻擊的成功。
使用存取控制清單 (ACL) 或隔離的網路來限制對 IPMI 管理介面的訪問。
客戶要面對的問題是,他們是否確實在使用 IPMI,即使不能直接停用。
請勿更換任何硬體。此為設計運作方式。
值得注意的是,密碼中每增加一個字元,破解它所需的時間就會呈指數級增長。
Affected Products
Dell EMC XC Core XCXR2, Dell EMC XC Core XC450, Dell EMC XC Core XC650, Dell EMC XC Core XC6520, Dell EMC XC Core XC740xd2, Dell EMC XC Core XC750, Dell EMC XC Core XC750xa, Dell XC Core XC4510C, Dell XC Core XC4520C
, Dell EMC XC Series XC640 Appliance, Dell EMC XC Core XC640 System, Dell EMC XC Series XC6420 Appliance, Dell EMC XC Core 6420 System, Dell XC Core XC660, Dell XC Core XC660xs, Dell XC Core XC670, Dell XC Core XC6715, Dell EMC XC Series XC740xd Appliance, Dell EMC XC Core XC740xd System, Dell XC Core XC760, Dell XC Core XC760xa, Dell XC Core XC7625, Dell XC Core XC770, Dell EMC XC Series XC940 Appliance, Dell EMC XC Core XC940 System, Dell EMC XC Core XC7525
...
Article Properties
Article Number: 000178250
Article Type: How To
Last Modified: 13 Oct 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.