Multi-brand server management systems found to contain major vulnerabilities; DELL refuses to acknowledge them

[Global Technology Roundup] According to a website report on July 24th, security researchers have found vulnerabilities in some products from IBM, DELL and other brands. In theory, the vulnerabilities could allow hackers to gain control of system privileges on a victim's device. IBM has released a patch for the vulnerability, but DELL still refuses to publicly acknowledge that the vulnerability exists in a number of its products.


A KVM switch lets users remotely manage devices such as servers and routers by connecting directly to their keyboard, video, and mouse ports. In May, independent security researcher Alegandro Alvarez Bravo first found the vulnerability in an IBM KVM switch. Alvarez Bravo subsequently posted on the Full Disclosure forum that although the vulnerability was originally found in the IBM system, it is also present in products from several other companies, including DELL.

According to Bravo, the IBM 1754 GCM series provides IP-based KVM and serial console management technology in a single device. Version v1.20.0.22575 and earlier versions of the series contain the vulnerability. However, the vulnerability also exists in KVM switches from DELL and other vendors. The vulnerability could allow a remote authenticated user to execute code remotely on the GCM family of KVM switches.

IBM released patches for the vulnerability on July 14th. Alvarez Bravo told reporters that although he contacted DELL two months ago to inform it of the risks faced by its customers, he has not yet received a reply from DELL.

Alvarez Bravo said: "Two months ago, I informed DELL of this matter through its security website, but they did not make any response and did not indicate that they had been informed of this matter. Unfortunately, I don't have a list of those affected KVM switches. All I know is that they have the same firmware. The original manufacturer of this firmware is Avocent, of the United States' Emerson Electric; Avocent is the world's leading supplier of KVM switching and connectivity solutions."

A researcher from Kaspersky Labs also encountered similar problems; he said he had also contacted DELL about the matter. As of press time, DELL still declined to comment.

DELL and IBM are only two of the many companies whose products have been found to be vulnerable in recent weeks. CISCO Systems was also forced to release a security update on Friday for a variety of versions of its small office routers to protect users from hackers.