DELL IDRAC is affected by vulnerability CVE-2020-5344. DDI 9200/4200/1200/520/260 are affected.
This article serves as a guide on how to upgrade the IDRAC firmware to fix this vulnerability.
To resolve the issue in DDI 9200/4200/1200/520/260, upgrade the DELL IDRAC firmware to version 4.00.00.00:
Log on to the DELL iDRAC console:
- Enter https://iDRAC_IP
- The default username and password is root/calvin.
Go to Dashboard > System Information and check the firmware version. If the version is older than 4.00.00.00, refer to the following steps to upgrade the firmware:
From DELL’s product support page: iDRAC with Lifecycle Controller, 4.00.00.00, download the DELL IDRAC firmware:
To ensure the integrity of your download, verify the checksum value:
On the IDRAC web console, go to Maintenance > System Update > Manual Update.
- Select the Location Type to “Local” and choose the downloaded file from Step 1 (iDRAC with Lifecycle Controller, 4.00.00.00) then click Upload.
After the file has been successfully uploaded, tick the checkbox next to it then click Install.
Wait until the update is complete. Once the update is complete, the IDRAC will be restarted and the current session will be closed.
Log on to the IDRAC console again, verify that the IDRAC firmware version is 4.00.00.00.