Summary:
Dell EMC identified vulnerabilities in the iDRAC (Integrated Dell Remote Access Controller) management platform on Dell PowerEdge servers, including three used as platforms for the RSA Authentication Manager hardware appliance.
Dell EMC iDRAC response to multiple CVE's June 2018
(Dell EMC Whitepaper)
http://en.community.dell.com/techcenter/extras/m/white_papers/20487494
Affected Products:
- RSA SecurID Hardware Appliance Model 130 based on the Dell PowerEdge R230
- RSA SecurID Hardware Appliance Model 250 based on the Dell PowerEdge R630
- RSA SecurID Hardware Appliance Model 250 based on the Dell PowerEdge R710
Note: To determine your hardware platform, see the following Knowledgebase article:
000036316 - How to determine the RSA Authentication Manager 8.x hardware platform
Recommendation:
RSA recommends that customers using the Dell PowerEdge R230 and Dell PowerEdge R630 hardware platform apply the firmware patch for iDRAC8.
RSA recommends that customers using the Dell PowerEdge R710 hardware platform apply the firmware patch for iDRAC6.
Dell EMC iDRAC7/iDRAC8 version 2.60.60.60
Download the Windows self-extracting executable version of the patch from
https://downloads.dell.com/FOLDER05025737M/1/
Dell EMC iDRAC6 version 2.91 for Monolithic servers
Download the Windows self-extracting executable version of the patch from
https://downloads.dell.com/FOLDER05060172M/1/
Important: Please use the following instructions for updating the iDRAC firmware:
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.