Unsolved
1 Rookie | 7 Posts | January 28th, 2025 02:32
DSA-2024-460 fixed on iDRAC v7.00.00.174 but compatibility doesn't include OEMR XL R640
Hello,
Good day.
We have this OEMR XL R640 where a vulnerability scanner identified two vulnerabilities in iDRAC:
Dell iDRAC9 OpenSSH RCE Vulnerability (DSA-2024-342, regreSSHion)
Dell iDRAC9 Multiple Linux Vulnerabilities (DSA-2024-460)
Ref: https://www.dell.com/support/kbdoc/en-sg/000258350/dsa-2024-460-security-update-for-dell-idrac9-vulnerabilities
It seems to be fixed in v7.00.00.174, but the compatibility list for this version doesn't include the OEMR XL R640, so we were wondering if there's any alternative to this?
Or is it still safe to upgrade from v7.00.00.172 to v7.00.00.174?
Many thanks,
Ben
DELL-Erman O | Moderator | 2.8K Posts | January 28th, 2025 08:26
Hi,
The situation may be different for OEM devices. The update may not progress at the same level as on non-OEM models. OEM models may not follow the standard update path of normal PowerEdge models. This firmware has probably not been tested or approved for this model yet.
polkadots | 1 Rookie | 7 Posts | January 28th, 2025 08:43
Hello,
Thanks for the response.
Since that's the case, any advice on how OEM models can best mitigate those vulnerabilities?
Looking at the iDRAC 7.00.00.171 compatibility list, it does have OEMR XL R640 and OEMR R640, hence I'd guess they are different?
Ref: https://www.dell.com/support/home/en-sg/drivers/driversdetails?driverid=tnyr2
Then, reviewing DSA-2024-460 again, it has a list of affected devices, but I can only find OEMR R640, so does this mean that OEMR XL R640 is not affected?
Ref: https://www.dell.com/support/kbdoc/en-sg/000258350/dsa-2024-460-security-update-for-dell-idrac9-vulnerabilities
Many thanks,
Ben
polkadots | 1 Rookie | 7 Posts | January 31st, 2025 03:57
Any chance to get some confirmation on this?
Thank you
DELL-Young E | Moderator | 5.1K Posts | January 31st, 2025 06:53
Hello
https://dell.to/3WG3Txi
https://dell.to/3WEZs5M
https://dell.to/3WHKpZc
https://dell.to/3WFsy54
No OEMR XL, just OEMR.
So one can be fixed, the other one not, because your server is not listed.
If you have a valid warranty you can raise a case for further investigation.
polkadots | 1 Rookie | 7 Posts | January 31st, 2025 07:04
Hello,
Yes, that's what I'm trying to say: since OEMR XL is not on the list, how should we best mitigate the said vulnerability, since we can't install iDRAC 7.00.00.174 on it? Or did we miss adding OEMR XL on this version? Any chance to get some confirmation on that as well?
Yes, the following <Private data removed from public view. DELL-Admin> should still have a valid warranty till June 28, 2025.
Many thanks,
Ben
DELL-Erman O | Moderator | 2.8K Posts | January 31st, 2025 08:01
Hi,
As you know, OEM devices are custom hardware and software solutions that Dell makes for other companies. These devices usually aren't compatible with standard Dell firmware and BIOS because they use customized versions based on specific customer needs. Standard Dell products get general support and updates from Dell, but OEM devices might need special support and updates due to their custom setups. So, unfortunately, I can't confirm that for you. I think, as YoungAh mentioned, if your warranty is still valid, you should call your local support team for detailed info.
Hope that helps!
polkadots | 1 Rookie | 7 Posts | January 31st, 2025 08:19
Hello,
Thanks for the info.
I'll check internally how we can best engage DELL's local support to get a similar update for OEMR XL models.
Cheers!