DSA-2024-322: Security Update for Dell Precision Rack for an iDRAC9 OpenSSH Vulnerability
Zhrnutie: Dell iDRAC9 with Lifecycle Controller remediation for Dell Precision Rack is available for an OpenSSH Vulnerability that could be exploited by malicious users to compromise the affected system. ...
Tento článok sa vzťahuje na
Tento článok sa nevzťahuje na
Tento článok nie je viazaný na žiadny konkrétny produkt.
V tomto článku nie sú uvedené všetky verzie produktov.
Dosah
High
Podrobnosti
| Third-party Component | CVEs | More information |
| OpenSSH | CVE-2024-6387 |
Dotknuté produkty a riešenie problému
| Product | Affected Versions | Remediated Versions | Release Date (MM/DD/YYYY) |
Link |
|---|---|---|---|---|
| Precision 7920 Rack | iDRAC9 firmware version prior to 7.00.00.173 | iDRAC9 firmware version 7.00.00.173 or later | 08/27/2024 |
iDRAC 7.00.00.173 | Driver Details |
| 7920 XL Rack | iDRAC9 firmware version prior to 7.00.00.173 | iDRAC9 firmware version 7.00.00.173 or later | 08/27/2024 | iDRAC 7.00.00.173 | Driver Details |
| Precision 7960 Rack | iDRAC9 firmware version prior to 7.10.70.00 | iDRAC9 firmware version 7.10.70.00 or later | 09/24/2024 | iDRAC 7.10.70.00 | Driver Details |
| Precision 7960 XL Rack | iDRAC9 firmware version prior to 7.10.70.00 | iDRAC9 firmware version 7.10.70.00 or later | 09/24/2024 | iDRAC 7.10.70.00 | Driver Details |
| Product | Affected Versions | Remediated Versions | Release Date (MM/DD/YYYY) |
Link |
|---|---|---|---|---|
| Precision 7920 Rack | iDRAC9 firmware version prior to 7.00.00.173 | iDRAC9 firmware version 7.00.00.173 or later | 08/27/2024 |
iDRAC 7.00.00.173 | Driver Details |
| 7920 XL Rack | iDRAC9 firmware version prior to 7.00.00.173 | iDRAC9 firmware version 7.00.00.173 or later | 08/27/2024 | iDRAC 7.00.00.173 | Driver Details |
| Precision 7960 Rack | iDRAC9 firmware version prior to 7.10.70.00 | iDRAC9 firmware version 7.10.70.00 or later | 09/24/2024 | iDRAC 7.10.70.00 | Driver Details |
| Precision 7960 XL Rack | iDRAC9 firmware version prior to 7.10.70.00 | iDRAC9 firmware version 7.10.70.00 or later | 09/24/2024 | iDRAC 7.10.70.00 | Driver Details |
iDRAC patched the version of OpenSSH embedded inside of it. The iDRAC OpenSSH banner will continue to report 9.6p1 and may be reported as a false positive by network scanning tools. To verify that a patched version of iDRAC is running use the iDRAC firmware version as indicated above.
Alternatívne riešenia a zmiernenia
| CVE ID | Workaround and Mitigation |
| CVE-2024-6387 | For iDRAC9 workaround, disable SSH on iDRAC. This can be done in the iDRAC Web interface by navigating to Overview > iDRAC > Settings > Network > Services. More details can be found at the iDRAC 9 User Guide |
História revízií
| Revision | Date | Description |
| 1.0 | 2024-09-24 | Initial Release |
Súvisiace informácie
Legal Disclaimer
Dotknuté produkty
7920 XL Rack, Precision 7960 XL Rack, Precision 7920 Rack, Precision 7960 RackVlastnosti článku
Číslo článku: 000227007
Typ článku: Dell Security Advisory
Dátum poslednej úpravy: 24 sep 2024
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.