Summary:

Dell EMC identified vulnerabilities in the iDRAC (Integrated Dell Remote Access Controller) management platform on Dell PowerEdge servers, including three used as platforms for the RSA Authentication Manager hardware appliance.

Dell EMC iDRAC response to multiple CVE's June 2018

(Dell EMC Whitepaper)

http://en.community.dell.com/techcenter/extras/m/white_papers/20487494

Affected Products:

• RSA SecurID Hardware Appliance Model 130 based on the Dell PowerEdge R230
• RSA SecurID Hardware Appliance Model 250 based on the Dell PowerEdge R630
• RSA SecurID Hardware Appliance Model 250 based on the Dell PowerEdge R710

Note: To determine your hardware platform, see the following Knowledgebase article: 

000036316 - How to determine the RSA Authentication Manager 8.x hardware platform 

Recommendation:

RSA recommends that customers using the Dell PowerEdge R230 and Dell PowerEdge R630 hardware platform apply the firmware patch for iDRAC8.

RSA recommends that customers using the Dell PowerEdge R710 hardware platform apply the firmware patch for iDRAC6.

Dell EMC iDRAC7/iDRAC8 version 2.60.60.60

Download the Windows self-extracting executable version of the patch from

https://downloads.dell.com/FOLDER05025737M/1/

Dell EMC iDRAC6 version 2.91 for Monolithic servers

Download the Windows self-extracting executable version of the patch from

https://downloads.dell.com/FOLDER05060172M/1/

Important: Please use the following instructions for updating the iDRAC firmware:

https://www.dell.com/support/article/us/en/04/sln292363/poweredge-server-updating-firmware-through-the-idrac?lang=en

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.