PowerEdge: XC - Security Scan may report a CVE-2013-4786 vulnerability against the iDRAC.

Summary: Security Scan run against an XC Series solution may report a CVE-2013-4786 vulnerability against the iDRAC.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

IPMI 2.0 is the specification deployed on iDRACs. If the customer requires its use, then Dell recommend only allowing access from a secured network.

Note: We ship servers with IPMI disabled by default.

Here is a link to the CVE: https://nvd.nist.gov/vuln/detail/CVE-2013-4786This hyperlink is taking you to a website outside of Dell Technologies.

Tenable explanation and mitigations:

https://www.tenable.com/plugins/index.php?view=single&id=80101This hyperlink is taking you to a website outside of Dell Technologies.

Quote:
There is no patch for this vulnerability; it is an inherent problem with the specification for IPMI v2.0.

Mitigations:
Disabling IPMI over LAN if it is not needed.
Using strong passwords to limit the successfulness of offline dictionary attacks.
Using Access Control Lists (ACLs) or isolated networks to limit access to your IPMI management interfaces.

A question back to the customer is if they are truly using IPMI, if not just keep it disabled.

Do not replace any hardware. This is working as designed.

It is worth noting that with every additional character in a password, the time taken to crack it increases exponentially.

Affected Products

Dell EMC XC Core XCXR2, Dell EMC XC Core XC450, Dell EMC XC Core XC650, Dell EMC XC Core XC6520, Dell EMC XC Core XC740xd2, Dell EMC XC Core XC750, Dell EMC XC Core XC750xa, Dell XC Core XC4510C, Dell XC Core XC4520C , Dell EMC XC Series XC640 Appliance, Dell EMC XC Core XC640 System, Dell EMC XC Series XC6420 Appliance, Dell EMC XC Core 6420 System, Dell XC Core XC660, Dell XC Core XC660xs, Dell XC Core XC670, Dell XC Core XC6715, Dell EMC XC Series XC740xd Appliance, Dell EMC XC Core XC740xd System, Dell XC Core XC760, Dell XC Core XC760xa, Dell XC Core XC7625, Dell XC Core XC770, Dell EMC XC Series XC940 Appliance, Dell EMC XC Core XC940 System, Dell EMC XC Core XC7525 ...
Article Properties
Article Number: 000178250
Article Type: How To
Last Modified: 13 Oct 2025
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.