CVE-2020-5366
Description
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A path traversal vulnerability in Dell EMC iDRAC9 allows low-privileged authenticated users to read arbitrary files on the system.
Vulnerability
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a path traversal vulnerability (CWE-22) in the handling of input parameters. A remote authenticated user with low privileges can manipulate these parameters to traverse outside the intended directory and access arbitrary files on the iDRAC filesystem [1].
Exploitation
An attacker must have network access to the iDRAC management interface and valid low-privilege credentials. No user interaction is required (CVSS:3.1/UI:N). By sending crafted HTTP requests with path traversal sequences (e.g., ../) in specific input parameters, the attacker can read files outside the restricted path [1].
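The Vulnerability and Exploitation sections above describe the generic CWE-22 pattern: a request parameter is joined onto a base directory without a containment check, so `../` (or its URL-encoded form) walks out of that directory. The following is an added example, not Dell's code and not taken from the CVE record; it builds a throwaway directory tree with constructed file names and contents, shows the unsafe resolution beside a hardened one that canonicalises the path and verifies it stays under the allowed root, and is written in Python purely for illustration (iDRAC's own implementation is not on the page).

```python
"""Added example: CWE-22 path traversal, vulnerable resolver vs. hardened resolver.
Everything here (directory names, file contents, parameter values) is constructed
for the demonstration and has nothing to do with iDRAC's real file layout."""
import os
import shutil
import tempfile
import urllib.parse


def make_sandbox():
    """Create base/allowed/readme.txt (meant to be readable) and base/secret.txt
    (outside the allowed directory, must never be reachable)."""
    base = tempfile.mkdtemp(prefix="traversal-demo-")
    allowed = os.path.join(base, "allowed")
    os.makedirs(allowed)
    with open(os.path.join(allowed, "readme.txt"), "w") as f:
        f.write("public readme\n")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("CONSTRUCTED SECRET\n")
    return base, allowed


def resolve_vulnerable(allowed_dir, name):
    """Vulnerable pattern: the decoded request parameter is joined onto the base
    directory with no containment check, so '../' escapes allowed_dir."""
    return os.path.join(allowed_dir, urllib.parse.unquote(name))


def resolve_hardened(allowed_dir, name):
    """Hardened pattern: decode, canonicalise (collapses '..' and symlinks), then
    require the result to lie under the allowed root. Returns None on escape."""
    decoded = urllib.parse.unquote(name)
    candidate = os.path.realpath(os.path.join(allowed_dir, decoded))
    root = os.path.realpath(allowed_dir)
    # commonpath avoids the prefix bug where '/srv/allowed2' would pass a
    # naive candidate.startswith('/srv/allowed') test.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def read_via(resolver, allowed_dir, name):
    """Read the file the resolver picks, or None if it refuses / does not exist."""
    path = resolver(allowed_dir, name)
    if path is None or not os.path.isfile(path):
        return None
    with open(path) as f:
        return f.read().strip()


# Constructed request parameter values: one benign, three traversal attempts
# (plain, URL-encoded slash, URL-encoded dots).
SAMPLE_PARAMS = ("readme.txt", "../secret.txt", "..%2Fsecret.txt", "%2e%2e/secret.txt")


def demo():
    """Return {param: (vulnerable_result, hardened_result)} over SAMPLE_PARAMS."""
    base, allowed = make_sandbox()
    try:
        return {
            p: (read_via(resolve_vulnerable, allowed, p),
                read_via(resolve_hardened, allowed, p))
            for p in SAMPLE_PARAMS
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for param, (vuln, hard) in demo().items():
        print(f"{param!r:22} vulnerable={vuln!r:22} hardened={hard!r}")
```

The vulnerable resolver returns the contents of `secret.txt` for all three traversal forms, while the hardened one returns None for each and still serves `readme.txt`; decoding before canonicalising matters, because a check applied to the still-encoded string would not see the `../`.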
Impact
Successful exploitation results in unauthorized read access to arbitrary files on the iDRAC. This can lead to disclosure of sensitive information such as configuration files, credentials, or other data stored on the device. The CVSS v3.1 base score is 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L), indicating high confidentiality impact, no integrity impact, and low availability impact [1].
Mitigation
Dell EMC has released iDRAC9 firmware version 4.20.20.20, which resolves this vulnerability. All users are advised to upgrade to this version or later at the earliest opportunity. As a best practice, iDRAC should be deployed on a separate management network and not exposed directly to the internet [1].
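Checking a fleet against the fixed release means comparing dotted firmware versions numerically; a plain string comparison would rank 4.3.0.0 above 4.20.20.20. The following is an added example, not Dell's tooling: it compares a version string against the 4.20.20.20 threshold from the advisory and applies the check to a constructed Redfish Manager document. It assumes the manager resource exposes the DMTF-standard `FirmwareVersion` property (the JSON is constructed for the example, not captured from a device), and that iDRAC9 versions are purely numeric dotted strings.

```python
"""Added example: is an iDRAC9 firmware version at or past the 4.20.20.20 fix?
The Redfish document below is constructed for illustration, not a real capture."""
import json

FIXED_VERSION = "4.20.20.20"  # fixed release named in the advisory


def parse_version(v):
    """Split a dotted version into a tuple of ints so ordering is numeric.
    Raises ValueError for non-numeric components (not expected on iDRAC9)."""
    return tuple(int(part) for part in v.strip().split("."))


def is_fixed(version):
    """True when the version is 4.20.20.20 or later; tuple comparison also
    handles shorter strings such as '4.20' correctly (treated as older)."""
    return parse_version(version) >= parse_version(FIXED_VERSION)


# Constructed Redfish Manager response; only the fields the check needs.
# Assumption: the standard "FirmwareVersion" property carries the iDRAC version.
SAMPLE_MANAGER_JSON = """{
  "Id": "iDRAC.Embedded.1",
  "FirmwareVersion": "4.10.10.10"
}"""


def firmware_status(manager_json):
    """Return (version, verdict) for a Redfish Manager JSON document."""
    doc = json.loads(manager_json)
    version = doc["FirmwareVersion"]
    verdict = "fixed" if is_fixed(version) else "affected (CVE-2020-5366)"
    return version, verdict


if __name__ == "__main__":
    print(firmware_status(SAMPLE_MANAGER_JSON))
    # Shows why string comparison is unsafe for this decision:
    print("string compare says 4.3.0.0 > 4.20.20.20:", "4.3.0.0" > FIXED_VERSION)
```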
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2): Range: unspecified
Patches (0): No patches discovered yet.
Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0): No linked articles in our index yet.