Summary:
Dell EMC has identified vulnerabilities in the iDRAC management platform on Dell PowerEdge servers, including two models that are used as platforms for the RSA Authentication Manager hardware appliance. The following Dell EMC advisory discusses this issue:
Vulnerability Details for iDRAC7/iDRAC8/iDRAC9 - Advisory
Dell EMC Whitepaper:
http://en.community.dell.com/techcenter/extras/m/white_papers/20485410
Affected Products:
- RSA SecurID Hardware Appliance Model 130 based on the Dell PowerEdge R230
- RSA SecurID Hardware Appliance Model 250 based on the Dell PowerEdge R630
RSA recommends that customers using the Dell PowerEdge R230 and Dell PowerEdge R630 hardware platforms apply the firmware patch for iDRAC8. To determine your hardware platform, see the following Knowledgebase article:
000036316 - How to determine the RSA Authentication Manager 8.x hardware platform
iDRAC with Lifecycle Controller 2.52.52.52
Patch Info:
The following web page includes installation instructions and other information:
http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=1YCHC
Patch Download:
Download the Windows self-extracting executable version of the patch:
https://downloads.dell.com/FOLDER04830649M/1/iDRAC8_2.52.52.52_A00.exe
The download contains a text document with installation instructions and the firmimg.d7 file. Please read and follow all of the documented instructions and precautions. To install the update, open the iDRAC and pass the firmimg.d7 file as input to the iDRAC's "Update and Rollback" page.
For RSA Authentication Manager documentation, downloads, and more, visit the RSA SecurID Access page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.