Dell PowerEdge servers with a highly dangerous vulnerability

B2B Cyber Security ShortNews


Dell warns users of PowerEdge servers: A highly dangerous vulnerability in the BIOS of PowerEdge servers could give a malicious user elevated privileges and allow local attackers to exploit it without authentication.

Dell does not describe exactly how the attack on the Dell PowerEdge servers can occur. The list of affected devices is extremely long, which suggests that the BIOS update is very important. The threat is described as follows: “The Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a privilege management vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability resulting in privilege escalation.”

Extremely long Dell server list for BIOS update

Dell recommends that all administrators update immediately and also provides the necessary BIOS patches on the service page. Dell has published the following list of the affected models. Since other devices may be affected, administrators should check directly on the Dell support page:

DSS 8440, Dell EMC XC Core XCXR2, Dell EMC XC Core XC450, Dell EMC XC Core XC650, Dell EMC XC Core XC6520, Dell EMC System, Dell EMC XC Core 740 System, Dell EMC XC Core XC740xd System, Dell EMC XC Core XC940 System, PowerEdge, PowerEdge M2 (for PE VRTX), PowerEdge MX4140C, PowerEdge MX6420c, PowerEdge MX6520c, PowerEdge MX6525C, PowerEdge R6620, PowerEdge R640, PowerEdge R5610, PowerEdge R5620, PowerEdge R640, PowerEdge R640, PowerEdge R740, PowerEdge R750, PowerEdge R760, PowerEdge R840, PowerEdge R240, PowerEdge R250xs, PowerEdge R340, PowerEdge R350, PowerEdge R440, PowerEdge R450xs, PowerEdge R540, PowerEdge R550, PowerEdge R640, PowerEdge R6415XD, PowerEdge R650XD650, PowerEdge R6515, PowerEdge R6525, PowerEdge R660, PowerEdge R660XA, PowerEdge R6615xs, PowerEdge R6625, PowerEdge R740, PowerEdge R740, PowerEdge R740XA, PowerEdge R2xd7415, PowerEdge R7425xs, PowerEdge R750, PowerEdge R750, PowerEdge R750, PowerEdge R7515, PowerEdge R7525, PowerEdge R760xa, PowerEdge R760, PowerEdge T760, PowerEdge T2, PowerEdge T760, PowerEdge T7615, PowerEdge T7625, PowerEdge T840, PowerEdge T860, PowerEdge T940, PowerEdge XE940, PowerEdge XE960, PowerEdge XE140, PowerEdge XE150, PowerEdge XE340, PowerEdge, PowerEdge XR350c, PowerEdge XR440, PowerEdge XR550, PowerEdge XR560t, PowerEdge XR640t, Dell EMC Storage NX2420, Dell EMC Storage NX7420, Dell EMC NX7440, Dell EMC XC Core XC8545.

More at Dell.com

 
