Panzura Security Advisory QSCC-2013-001
|Title:||iDRAC Firmware Update|
|Affected Products:||Quicksilver Cloud Controllers w/iDRAC6|
A number of vulnerabilities exist due to integration of open-source packages in the firmware for the Integrated Dell Remote Access Controller 6 (iDRAC6).
The iDRAC6 remote access controller incorporated into the Panzura Quicksilver Cloud controller incorporates the following open-source packages into its firmware:
Older releases of these packages have a number of well-publicized vulnerabilities including some critical issues with known exploits.
Malicious activities targeting these packages could result in unauthorized access to the iDRAC console, password compromise, or disabling the appliance.
Attach the dedicated Ethernet connection for the iDRAC6 controller into a management subnet with tightly controlled access separate from user traffic.
iDRAC6 firmware release 1.95 upgrades these packages to the following versions:
Release notes and patch information for this version are located at the Dell Support Website.