A path traversal vulnerability in the iDRAC technology can allow remote attackers to take control of server operations.
Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw that, if exploited, could allow an attacker to fully take over and control server operations.
The web vulnerability was found in the Dell EMC iDRAC remote access controller, a technology embedded within the latest versions of Dell PowerEdge servers. While the vulnerability was fixed earlier in July, Georgy Kiguradze and Mark Ermolov, the researchers with Positive Technologies who discovered the flaw, published a detailed analysis Tuesday.
The path traversal vulnerability (CVE-2020-5366), found in Dell EMC iDRAC9 versions prior to 126.96.36.199, is rated as a 7.1 in terms of exploitability, giving it a high-severity vulnerability rating, according to an advisory published online by Dell.