PowerEdge:XC - Security Scan 可能会报告针对 iDRAC 的 CVE-2013-4786 漏洞。
Summary: 针对 XC 系列解决方案运行的安全扫描可能会报告针对 iDRAC 的 CVE-2013-4786 漏洞。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
IPMI 2.0 是部署在 iDRAC 上的规范。如果客户需要使用它,戴尔建议仅允许从安全网络进行访问。
提醒:我们发运的服务器默认已禁用 IPMI。
以下是 CVE 的链接: https://nvd.nist.gov/vuln/detail/CVE-2013-4786
站得住脚的解释和缓解措施:
https://www.tenable.com/plugins/index.php?view=single&id=80101
引用:
此漏洞没有修补程序;这是 IPMI v2.0 规范的固有问题。
缓解措施:
禁用 LAN 上 IPMI(如果不需要)。
使用强密码来限制脱机字典攻击的成功率。
使用访问控制列表 (ACL) 或隔离网络限制对 IPMI 管理接口的访问。
要向客户提出的问题是,他们是否真的在使用 IPMI,如果不是,就保持禁用状态。
不要更换任何硬件。此问题并不会影响系统的正常工作。
值得注意的是,密码中每增加一个字符,破解它所需的时间就会成倍增加。
Affected Products
Dell EMC XC Core XCXR2, Dell EMC XC Core XC450, Dell EMC XC Core XC650, Dell EMC XC Core XC6520, Dell EMC XC Core XC740xd2, Dell EMC XC Core XC750, Dell EMC XC Core XC750xa, Dell XC Core XC4510C, Dell XC Core XC4520C
, Dell EMC XC Series XC640 Appliance, Dell EMC XC Core XC640 System, Dell EMC XC Series XC6420 Appliance, Dell EMC XC Core 6420 System, Dell XC Core XC660, Dell XC Core XC660xs, Dell XC Core XC670, Dell XC Core XC6715, Dell EMC XC Series XC740xd Appliance, Dell EMC XC Core XC740xd System, Dell XC Core XC760, Dell XC Core XC760xa, Dell XC Core XC7625, Dell XC Core XC770, Dell EMC XC Series XC940 Appliance, Dell EMC XC Core XC940 System, Dell EMC XC Core XC7525
...
Article Properties
Article Number: 000178250
Article Type: How To
Last Modified: 13 Oct 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.