DELL IDRAC9 with a firmware version prior to 4.00.00.00 is affected by vulnerability CVE-2020-5344 (buffer overflow vulnerability). An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
DDWI 510 and DDWI 1100 with IDRAC9 are affected if hardware delivery date is before December 2019.
This article serves as a guide on how to upgrade the IDRAC firmware to fix this vulnerability.
To resolve the issue in DDWI 1100 and DDWI 510, upgrade the DELL IDRAC firmware to version 4.00.00.00:
-
Log on to the DDWI iDRAC console:
- Enter https://iDRAC_IP
- The default username and password is root/calvin.
-
Go to Dashboard > System Information and check the firmware version, if version is older than 4.00.00.00, refer to the following steps to upgrade the firmware.
-
From the DELL’s product support page: iDRAC with Lifecycle Controller, 4.00.00.00, download the DELL IDRAC firmware:
iDRAC-with-Lifecycle-Controller_Firmware_4JCPK_WN64_4.00.00.00_A00.EXE
To ensure the integrity of your download, verify the checksum value:
SHA1: C8719623D044D1B287619BD67F0703A99178A93F
-
On the IDRAC web console, go to Maintenance > System Update > Manual Update.
- Select the Location Type to “Local” and choose the downloaded file from step 1 (iDRAC with Lifecycle Controller, 4.00.00.00) then click Upload.
-
After the file has been successfully uploaded, tick the checkbox next to it then click Install.
Wait until the update is complete. Once the update is complete, the IDRAC will be restarted and the current session will be closed.
-
Log on to the IDRAC console again, verify that the IDRAC firmware version is 4.00.00.00.
-