Dell EMC has identified vulnerabilities in the iDRAC management platform on Dell PowerEdge servers, including two that are used as platforms for the RSA Authentication Manager hardware appliance. The following Dell EMC advisory discusses this issue:
Vulnerability Details for iDRAC7/iDRAC8/iDRAC9 - Advisory
Dell EMC Whitepaper:
- RSA SecurID Hardware Appliance Model 130 based on the Dell PowerEdge R230
- RSA SecurID Hardware Appliance Model 250 based on the Dell PowerEdge R630
RSA recommends that customers using the Dell PowerEdge R230 and Dell PowerEdge R630 hardware platform apply the firmware patch for iDRAC8. To determine your hardware platform, see the following Knowledgebase article:
iDRAC with Lifecycle Controller 18.104.22.168
The following web page includes installation instructions and other information:
Download the Windows self-extracting executable version of the patch:
The download contains a text document with installation instructions and the firmimg.d7 file. Please read and follow all of the documented instructions and precautions. The update is installed by opening the iDRAC and passing the firmimg.d7 file as input to the iDRAC's "Update and Rollback" page.
For RSA Authentication Manager documentation, downloads, and more, visit the RSA SecurID Access page on RSA Link.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.