Open jtagcat opened 1 year ago
Dell is keeping devices vulnerable by not releasing a patch.
That's not true. The vulnerabilities mentioned were fixed in the subsequent releases of iDRAC8 (2.60 and newer).
With regard to keeping outdated firmware, the potential risks could be mitigated for the most part by restricting access to iDRAC by network segmentation (or even air-gapping) and avoiding exposing the server to public networks. Of course, if security is the top concern, one should stick with vendor-provided hardware that comes with the appropriate support contract, etc.
Maybe a note in the doc? Dell is keeping devices vulnerable (by forcing use of outdated FW to disable GPU throttling) by not releasing a patch (which would not include GPU throttling).