Enabling LOM (iDRAC) Management for Smart-1 525/5050/5150/625/6000-L/6000-XL/600-M Appliances

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk122914
Technical Level
Product	Quantum Smart-1
Version	R80.10 (EOL), R80.20 (EOL), R80.30 (EOL), R80.40, R81, R81.10, R81.20
OS	Gaia
Platform / Model	Smart-1
Date Created	14-Mar-2018
Last Modified	02-Feb-2023

Solution

Table of Contents:

LOM (iDRAC) Support
iDRAC Firmware Upgrade Path
iDRAC Firmware Upgrade Instructions
Working with iDRAC
Recommended Features
Installing Gaia OS (R81.20 and higher) in iDRAC on Smart-1 6000-L / 6000-XL models
iDRAC CVE Vulnerabilities
Known Limitations

Click Here to Show the Entire Article

LOM (iDRAC) Support

Show / Hide this section

To enable the LOM (iDRAC) support and upgrade its firmware version, a hotfix may be required:

Gaia Version	Appliance Model	Required Hotfix
R80.10	Smart-1 525 Smart-1 5050/5150	R80.10 JHF Take 283 and higher. Contact Check Point Support to get a hotfix.
R80.20	Smart-1 525 Smart-1 5050/5150	R80.20 JHF Take 183 and higher.
R80.30	Smart-1 525 Smart-1 5050/5150	R80.30 JHF Take 217 and higher.
R80.40	Smart-1 525 Smart-1 5050/5150 Smart-1 625	No hotfix is required.
R81 and above	Smart-1 525 Smart-1 5050/5150 Smart-1 625 Smart-1 6000-L/6000-XL/600-M	No hotfix is required.

Important: It is strongly recommended to export the management database from the Smart-1 appliance before proceeding. The administrator can import the configuration database at a later time.

iDRAC Firmware Upgrade Path

Show / Hide this section

Note: First, it is necessary to upgrade the firmware to the Mid version. Only afterward, it is possible to upgrade to the Final version.

Appliance Model	Part	Current Version	Mid Version	Final Version
Smart-1 6000-L/6000-XL Smart-1 600-M	iDRAC9	v4.40.0.0	Not Necessary	To upgrade Smart-1 6000-L/6000-XL/ 600-M to firmware 5.10.30.00 (Final version) For R80.40: Check Point firmware idrac9 T23 For R81/R81.10/R81.20: Check Point firmware idrac9 T23
Smart-1 525	iDRAC8	v2.50.50.50	To upgrade Smart-1 525 to firmware 2.80.80.80 (mid version) For R80.10/R80.20/R80.30/R80.40: Check Point firmware IDRAC8 T31 For R81/R81.10/R81.20: Check Point firmware iDRAC8 T31	To upgrade Smart-1 525 to firmware 2.83.83.83 (Final version) For R80.10/R80.20/R80.30/R80.40: Check Point firmware IDRAC8 T33 For R81/R81.10/R81.20: Check Point firmware iDRAC8 T33
Smart-1 5050/5150	iDRAC9	v3.15.15.15	To upgrade Smart-1 5050/5150 to firmware 3.30.30.30 (Mid version) For R80.10/R80.20/R80.30/R80.40: Check Point firmware idrac9 T17 For R81/R81.10/R81.20: Check Point firmware idrac9 T17	To upgrade Smart-1 5050/5150 to firmware 5.10.30.00 (Final version) For R80.10/R80.20/R80.30/R80.40: Check Point firmware idrac9 T23 For R81/R81.10/R81.20: Check Point firmware idrac9 T23
Smart-1 625	iDRAC9	v3.30.30.30	Not Necessary	To upgrade Smart-1 625 to firmware 5.10.30.00 (Final version) For R80.40: Check Point firmware idrac9 T23 For R81/R81.10/R81.20: Check Point firmware idrac9 T23

iDRAC Firmware Upgrade Instructions

Show / Hide this section

Download the applicable CPUSE package, see sk92449 - Check Point Upgrade Service Engine (CPUSE) - Gaia Deployment Agent.
Import the CPUSE package with one of these offline procedures:

For Gaia Portal upgrade instructions, see section 4-A-c.
For Gaia Clish upgrade instructions, see section 4-A-d.

Install the CPUSE package with the Hotfixes instructions, see section 4-B-a.

Notes:

Reboot does not occur while installing the iDRAC firmware package.
During the iDRAC firmware package installation, the "cpstop;cpstart" commands run that stop and start all Check Point services.

Working with iDRAC

Show / Hide this section

Required open ports for LOM card functionality

Note: these ports are not configurable.

Port Number	Type	Function
22	TCP	SSH
80	TCP	HTTP (Web UI)
443	TCP	HTTPS (Web UI)
5900	TCP	Virtual console keyboard and mouse redirection, Virtual Media

Notes:

vConsole is supported only via the iDRAC graphical user interface (GUI), which is built on HTML5; Java or OpenJRE are not officially supported.

Check Point is in the process of integrating the LOM (iDRAC) with Gaia OS to provide more secured and robust operations. Customers who require LOM (iDRAC) now, are instructed to use it in the following fashion:

Access should be limited by placing a firewall in front of the LOM interface. Firewall must allow traffic to the LOM interface (HTTPS, port 443) only from the specific internal IP addresses on your network. These internal IP addresses must be trusted, and their connections to the LOM interface must be over a trusted network.

Important:

Creating a user can only be done with the SetiDRACUser command.
Creating a user in another way may lead to problems, and is not supported by Check Point.

Procedure:

Install the required hotfix (if necessary) on the Smart-1 appliance.
In Expert mode, create a new restricted operator iDRAC user. Run:

SetiDRACUser
1. Confirm the EULA.
  Show / Hide examples
  - On R80.20 with R80.20 JHF (Take 160 and higher), R80.30 with R80.30 JHF (Take 163 and higher), R80.40 and higher:
    
    Enable access to LOM (iDRAC) in a protected environment only. Configure a firewall in front of the LOM interface that restricts access to specific sources only. The users must connect over trusted networks. Do you wish to continue (y/n)? y
  - On R80.10:
    
    Warning! You are installing a hotfix enabling an administrative control of the Check Point Smart-1 appliance through a LOM interface, being offered to users who have requested to have the LOM interface enabled prior to the release of a formal update. By proceeding with the installation, you acknowledge and agree that this is a preliminary interim solution developed without having undergone Check Point's ordinary testing and development processes and may therefore carry certain vulnerabilities. You further acknowledge that this hotfix is provided to you for your own internal use and agree to treat it as confidential and proprietary and not allow its release or installation by anyone outside your organization. Do you wish to continue (y/n)? y
2. Enter the User ID.
  
  Note: The User ID should be between 3-16 (For example: 5, 7, 12).
3. Enter the User Name.
4. Enter the User Password.
  
  It is strongly recommended that the password be strong.
The default IP address of the LOM/iDRAC interface is: 192.168.0.100

To change this IP address:
1. Connect to the command line on the Smart-1 Appliance.
2. Log in to Expert mode.
3. Run:
  
  lomipset <New-IP-Address> <New-Netmask> <New-Default-Gateway>
  
  Note: It takes 1-2 minutes for this change to apply.

Command syntax notes:

To enable an iDRAC user:

SetiDRACUser <UserID> <UserName> <Password>
To disable an iDRAC user:

UnsetiDRACUser <UserID>

Where <UserID> must be between 3-16 (For example: 5, 7, 12).

Recommended Features

Show / Hide this section

If you enable the LOM (iDRAC) support, Check Point recommends that you use the LOM (iDRAC) to only work with the features described below.

Warning: Using the LOM (iDRAC) to modify features other than those listed below may present a security risk.

The screen captures below illustrate how to navigate to the recommended features on each of the models.

Click an item to show/hide its content:

Accessing Logs

For Smart-1 525: Log in and click "Logs".

For Smart-1 625/5050/5150/600-M/6000-L/6000-XL: Log in and click "Maintenance".
Virtual Console

For Smart-1 525: Log in and click "Virtual Console".

For Smart-1 625/5050/5150/600-M/6000-L/6000-XL: Log in and click "Configuration > Virtual Console".
Monitoring

For Smart-1 525: Log in and click "Server > Summary".

For Smart-1 625/5050/5150/600-M/6000-L/6000-XL: Log in and click "System".
Power Monitoring

For Smart-1 525: Log in and click "Power / Thermal > Power Monitoring".

For Smart-1 625/5050/5150/600-M/6000-L/6000-XL: Log in and click "Configuration > Power Management".

Installing Gaia OS (R81.20 and higher) in iDRAC on Smart-1 6000-L / 6000-XL models

Show / Hide this section

Important Notes:

This section applies only to Smart-1 6000-L / 6000-XL models.
This section applies only to R81.20 and higher releases.

There are two available procedures:

Installing Gaia OS when the current host Gaia OS is accessible
Installing Gaia OS when the current host Gaia OS is not accessible and requires recovery

Procedure for Installing Gaia OS when the current host Gaia OS is accessible

Connect to the iDRAC web interface.
Mount a Virtual Media:

A. Go to Virtual Console.
B. Click Virtual Media.
C. Click Connect Virtual Media.
D. Add the Gaia OS installation image.
Change the boot order in the host Gaia OS and reboot:
A. Connect to the command line on the host Gaia OS (from the Virtual Console or through an SSH connection).
B. Log in to the Expert mode.
C. Configure the boot order to start the boot from the UCD-DVD device:
cpidrac --set_first_boot_device=UCD-DVD
Note: This command does not show an output.
D. Reboot the appliance:
reboot
Installation starts during the boot.

Example:

Procedure for Installing Gaia OS when the current host Gaia OS is not accessible and requires recovery

Log in to the iDRAC web interface with the user you created with the "SetiDRACUser" command during the initial configuration and deployment of the Smart-1 appliance.
Re-initialize the RAID through the iDRAC Console connection.

Important - This is a critical step that forces the appliance to cycle through the boot order. Because the RAID is built from scratch, there is no boot partition. The appliance continues to the next available boot option, and eventually gets to the Virtual Media you connect in Step # 4 below.

A. Go to Virtual Console.
B. Press the CTRL+R keys to reboot the appliance.
C. During boot, press the F2 key to open the BIOS Configuration Utility.
D. From the top, go to the VD Mgmt menu.
E. Go to Disk Group > Virtual Disks > select ID: 0, Virtual Disk.
F. Press the F2 key > click on Initialization > select Fast Init > and press the Enter key.
Example:

G. The appliance reboots.
H. During boot, press the F11 key to open the Boot Manager.

I. Select One-shot BIOS Boot Menu and press the Enter key
Connect the Gaia ISO file as a Virtual Media. For instructions, see step # 2 above.
Reboot the appliance (for example, using the Power button).

Important - The appliance tries to boot from its available boot devices in the order they are configured. Because the RAID is built from scratch, there is no boot partition. The appliance continues to the next available boot option, and eventually gets to the Virtual Media you connected.
Installation starts during the boot.
Example:

iDRAC CVE Vulnerabilities

Show / Hide this section

Enter the string to filter this table:

instructions:
Refer to sk168597 - How to install a Hotfix.

CVE Identifier	CVE Title	CVE and Affected iDRAC Firmware Versions	Affected Smart-1 Models
CVE-2022-34435, CVE-2022-34436	DSA-2022-265: Dell iDRAC8 and Dell iDRAC9 Security Update for a RACADM Vulnerability	CVE-2022-34435 Affected iDRAC firmware: versions prior to 6.00.30.00 CVE-2022-34436: Affected iDRAC firmware: versions prior to 2.84.84.84	None
CVE-2022-0778	DSA-2022-154: Dell iDRAC8 and Dell iDRAC9 Security Update for an OpenSSL Vulnerability	CVE-2022-0778 Affected iDRAC firmware: iDRAC9 firmware versions prior to 5.10.30.00 iDRAC8 firmware versions prior to 2.83.83.83	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625 Smart-1 525
CVE-2022-24422	DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability	CVE-2022-24422 Affected iDRAC firmware: iDRAC9 firmware versions 5.00.00.00 and later but before 5.10.10.00	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625
CVE-2019-3764	DSA-2019-137: iDRAC Improper Authorization Vulnerability	CVE-2019-3764 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.36.36.36.	Smart-1 5050/5150/625
CVE-2020-5344	DSA-2020-063: iDRAC Buffer Overflow Vulnerability	CVE-2020-5344 Affected iDRAC firmware: Dell EMC iDRAC7, iDRAC8 and iDRAC9 firmware versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00	Smart-1 5050/5150/625/525
CVE-2018-15774, CVE-2018-15776, CVE-2019-3705, CVE-2019-3706, CVE-2019-3707	DSA-2019-059: Dell EMC Network Attached Storage System using Windows Storage Server Security Update for Multiple Hardware Appliance Firmware Vulnerabilities	CVE-2018-15774 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 (CVE-2018-15774) CVE-2019-3705, CVE-2019-3706, CVE-2019-3707 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.30.30.30, 3.20.21.20, 3.21.24.22, 3.21.26.22, 3.23.23.23, 3.24.24.24, 3.22.22.22, 3.21.25.22	Smart-1 5050/5150
CVE-2020-5366	DSA-2020-128: iDRAC Local File Inclusion Vulnerability	CVE-2020-5366 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.20.20.20	Smart-1 5050/5150/625
See Advisory	DSA-2021-015 Dell EMC VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities	CVE-2020-26198 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.32.10.00 and 4.40.00.00	Smart-1 5050/5150/625
See Advisory	DSA-2021-021 Dell EMC Integrated Data Protection Appliance Security Update for ACM, DP Advisor, vSphere and BIOS component vulnerabilities	CVE-2020-5366 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.20.20.20	Smart-1 5050/5150/625
CVE-2020-8674, CVE-2020-8738, CVE-2020-8739, CVE-2020-8740, CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593, CVE-2020-8705, CVE-2020-8755, CVE-2020-8696, CVE-2020-3992, CVE-2020-3981, CVE-2020-3982, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995, CVE-2020-400, CVE-2020-26198	DSA-2021-006: Dell EMC VxFlex Ready Node Security Update for Multiple Vulnerabilities	CVE-2020-26198 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.32.10.00 and 4.40.00.00	Smart-1 5050/5150/625
CVE-2020-26198	DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability	CVE-2020-26198 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.32.10.00 and 4.40.00.00	Smart-1 5050/5150/625
CVE-2020-8708, CVE-2020-8730, CVE-2020-8731, CVE-2020-8707, CVE-2020-8719, CVE-2020-8721, CVE-2020-8710, CVE-2020-8711, CVE-2020-8712, CVE-2020-8718, CVE-2020-8722, CVE-2020-8732, CVE-2020-8709, CVE-2020-8723, CVE-2020-8713, CVE-2020-8706, CVE-2020-8729, CVE-2020-8715, CVE-2020-8716, CVE-2020-8714, CVE-2020-8717, CVE-2020-8720, CVE-2020-5366, CVE-2020-2803, CVE-2020-2805, CVE-2020-2816, CVE-2020-2781, CVE-2020-2830, CVE-2020-2767, CVE-2020-2800, CVE-2020-2778, CVE-2020-2764, CVE-2020-2754, CVE-2020-2755, CVE-2020-2773, CVE-2020-2756, CVE-2020-2757, CVE-2020-14664, CVE-2020-14583, CVE-2020-14593, CVE-2020-14562, CVE-2020-14621, CVE-2020-14556, CVE-2020-14573, CVE-2020-14581, CVE-2020-14578, CVE-2020-14579, CVE-2020-14577, CVE-2019-18197	DSA-2020-269: Dell EMC ECS Security Update for Multiple Third-Party Component Vulnerabilities	CVE-2020-5366 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.20.20.20	Smart-1 5050/5150/625
CVE-2019-3705, CVE-2019-3706, CVE-2019-3707	DSA-2019-028: Dell EMC iDRAC Multiple Vulnerabilities	CVE-2019-3705, CVE-2019-3706, and CVE-2019-3707 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.30.30.30, 3.20.21.20, 3.21.24.22, 3.21.26.22, 3.23.23.23, 3.24.24.24, 3.22.22.22, 3.21.25.22	Smart-1 5050/5150
CVE-2018-15774, CVE-2018-15776	DSA-2019-040: Dell EMC VxRack Flex Security Update for Multiple Hardware Appliance Firmware Vulnerabilities	CVE-2018-15774 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23	Smart-1 5050/5150
CVE-2018-15774, CVE-2018-15776	DSA-2019-032: Dell EMC Data Domain DD3300 Security Update for Dell EMC iDRAC Vulnerabilities	CVE-2018-15774 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 (CVE-2018-15774)	Smart-1 5050/5150
CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3953, CVE-2020-3954, CVE-2019-18197, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2764, CVE-2020-2767, CVE-2020-2773, CVE-2020-14664, CVE-2020-14583, CVE-2020-14593, CVE-2015-9096, CVE-2016-7798, CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064, CVE-2017-17405, CVE-2017-17742, CVE-2017-17790, CVE-2017-9103, CVE-2017-9104, CVE-2017-9105, CVE-2017-9109, CVE-2017-9106, CVE-2017-9107, CVE-2017-9108, CVE-2017-9228, CVE-2017-9229, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-100007, CVE-2018-1000199, CVE-2018-16395, CVE-2018-16396, CVE-2018-18384, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780, CVE-2018-8956, CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2019-18197, CVE-2019-18348, CVE-2019-19462, CVE-2019-19768, CVE-2019-19770, CVE-2019-20806, CVE-2019-20807, CVE-2019-20812, CVE-2019-3701, CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325, CVE-2019-9455, CVE-2019-9458, CVE-2019-9674, CVE-2020-0543, CVE-2020-10029, CVE-2020-10663, CVE-2020-10690, CVE-2020-10711, CVE-2020-10720, CVE-2020-10732, CVE-2020-10751, CVE-2020-10757, CVE-2020-10942, CVE-2020-11494, CVE-2020-11669, CVE-2020-11868, CVE-2020-12114, CVE-2020-12243, CVE-2020-12464, CVE-2020-12652, CVE-2020-12653, CVE-2020-12654, CVE-2020-12655, CVE-2020-12656, CVE-2020-12657, CVE-2020-12768, CVE-2020-12769, CVE-2020-13143, CVE-2020-13817, CVE-2020-15025, CVE-2020-1751, CVE-2020-1752, CVE-2020-3898, CVE-2020-8492, CVE-2020-8616, CVE-2020-8617, CVE-2020-8647, CVE-2020-8649, CVE-2020-8834, CVE-2020-9383, CVE-2019-18197, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2764, CVE-2020-2767, CVE-2020-2773, CVE-2020-14664, CVE-2020-14583, CVE-2020-14593, CVE-2019-17569, CVE-2020-1935, CVE-2020-1938, CVE-2018-8014, CVE-2018-8034, CVE-2018-8037, CVE-2020-0548, CVE-2020-0549, CVE-2020-5366, CVE-2020-3976	DSA-2020-175: VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities	CVE-2020-5366 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.20.20.20	Smart-1 5050/5150/625
CVE-2019-3705, CVE-2019-3706, CVE-2019-3707	DSA-2019-082: Dell EMC Data Domain DD3300 Security Update for Dell EMC iDRAC Vulnerabilities	CVE-2019-3705 iDRAC9 firmware versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 CVE-2019-3706 iDRAC9 firmware versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 CVE-2019-3707 iDRAC9 firmware versions prior to 3.30.30.30	Smart-1 5050/5150
CVE-2019-3764	DSA-2020-032: Dell EMC VxRack Flex Security Update for Dell DMC iDRAC Improper Authorization Vulnerability	CVE-2019-3764 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.36.36.36	Smart-1 5050/5150/625
CVE-2018-15774, CVE-2018-15776	DSA-2019-023: Dell EMC ECS Security Update for Multiple Hardware Appliance Firmware Vulnerabilities	CVE-2018-15774 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23	Smart-1 5050/5150
CVE-2019-3707	DSA-2019-058: Dell EMC ECS Security Update for a Hardware Appliance Firmware Vulnerability	CVE-2019-3705, CVE-2019-3706, CVE-2019-3707 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.30.30.30, 3.20.21.20, 3.21.24.22, 3.21.26.22, 3.23.23.23, 3.24.24.24, 3.22.22.22, 3.21.25.22	Smart-1 5050/5150
CVE-2015-8325, CVE-2016-3115, CVE-2018-12127, CVE-2018-12126, CVE-2018-12130, CVE-2019-11091, CVE-2020-3953, CVE-2020-3954, CVE-2020-0527, CVE-2020-5366, CVE-2020-5344, CVE-2020-3976	DSA-2020-193: Dell EMC VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities	CVE-2020-5366 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.20.20.20 CVE-2020-5344 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.00.00.00	Smart-1 5050/5150/625
CVE-2020-3976, CVE-2020-5366, CVE-2015-8325, CVE-2016-3115, CVE-2018-12127, CVE-2018-12126, CVE-2018-12130, CVE-2019-11091, CVE-2020-0548, CVE-2020-0549	DSA-2020-213: VxRail Appliance Security Update for Multiple Component Vulnerabilities	CVE-2020-5366 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.20.20.20	Smart-1 5050/5150/625
CVE-2020-5344	DSA-2020-137: Dell EMC VxRail Appliance Security Update for Multiple Third-Party Component Vulnerabilities	CVE-2020-5344 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.00.00.00	Smart-1 5050/5150/625
CVE-2019-3764	DSA-2020-025: Dell EMC VCF over VxRail Security Update for Dell DMC iDRAC Improper Authorization Vulnerability	CVE-2019-3764 Affected iDRAC firmware: iDRAC9 firmware versions prior to 3.36.36.36	Smart-1 5050/5150/625
CVE-2021-21539, CVE-2021-21540, CVE-2021-21541, CVE-2021-21543, CVE-2021-21544	DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities	CVE-2021-21539, CVE-2021-21540, CVE-2021-21541, CVE-2021-21543, CVE-2021-21544 Affected iDRAC firmware: iDRAC9 firmware Versions prior to 4.40.00.00	Smart-1 5050/5150/625
CVE-2021-21542	DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities	CVE-2021-21542 Affected iDRAC firmware: iDRAC9 firmware Versions prior to 4.40.10.00 The privileges of the iDRAC operator user are lower than those that can exploit the vulnerability.	Smart-1 6000-L/6000-XL/600-M Smart-1 5050/5150/625
CVE-2021-21538	DSA-2020-082: Dell EMC iDRAC 9 Security Update for Improper Authentication Vulnerability	CVE-2021-21538 Affected iDRAC firmware: iDRAC 9 firmware versions 4.40.00.00 and later, but prior to 4.40.10.00	Smart-1 6000-L/6000-XL/600-M Smart-1 5050/5150/625
CVE-2021-21580	DSA-2021-133: Dell iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-21580 Affected iDRAC firmware: iDRAC9 firmware versions prior to 5.00.00.00 iDRAC8 firmware versions prior to 2.80.80.80	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625 Smart-1 525
CVE-2021-21581	DSA-2021-133: Dell iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-21581 Affected iDRAC firmware: iDRAC9 firmware versions prior to 5.00.00.00	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625
CVE-2021-21576, CVE-2021-21578, CVE-2021-21579, CVE-2021-21577	DSA-2021-133: Dell iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-21576, CVE-2021-21578, CVE-2021-21579, CVE-2021-21577 Affected iDRAC firmware: iDRAC9 firmware versions prior to 4.40.40.00	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625
CVE-2021-36299, CVE-2021-36300	DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-36299, CVE-2021-36300 Affected iDRAC firmware: iDRAC9 firmware versions prior to 5.00.00.00	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625
CVE-2021-36301	DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-36301 Affected iDRAC firmware: iDRAC9 firmware versions 2.80.80.80 and 4.40.40.00	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625 Smart-1 525
CVE-2021-20235	DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-20235 Affected iDRAC firmware: iDRAC9 firmware versions prior to 5.00.10.20	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625
CVE-2021-36348	DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-36348 Affected iDRAC firmware: iDRAC9 firmware versions prior to 5.00.20.00	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625
CVE-2021-36347	DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-36347 Affected iDRAC firmware: iDRAC8 firmware versions prior to 2.82.82.82 iDRAC9 firmware versions prior to 5.00.20.00 Note - For Smart-1 525 appliances, an update for 2.82.82.82 will be released in the future. If you need it now, Contact Check Point Support to get a Hotfix for this issue.	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625 Smart-1 525
CVE-2021-36346	DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-36346 Affected iDRAC firmware: iDRAC8 firmware versions prior to 2.82.82.82 Note - For Smart-1 525 appliances, an update for 2.82.82.82 will be released in the future. If you need it now, Contact Check Point Support to get a Hotfix for this issue.	Smart-1 525
CVE-2021-3712	DSA-2021-177: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities	CVE-2021-3712 CVE-2021-36347 Affected iDRAC firmware: iDRAC8 firmware versions prior to 2.82.82.82 iDRAC9 firmware versions prior to 5.10.00.00 Note - For Smart-1 525 appliances, an update for 2.82.82.82 will be released in the future. If you need it now, Contact Check Point Support to get a Hotfix for this issue.	Smart-1 6000-L/6000-XL Smart-1 600-M Smart-1 5050/5150 Smart-1 625 Smart-1 525

Known Limitations

Show / Hide this section

Issue ID	Description
-	Gaia ISO install via IDRAC LOM is not supported. Resolved in R81.20. See the section "Installing Gaia OS (R81.20 and higher) in iDRAC on Smart-1 6000-L / 6000-XL models" above.
-	Access to iDRAC is available only with restricted operator user.
-	In iDRAC firmware 4.40.0.0 (End version), if a cable is not connected to the iDRAC port, the IP address is not reported. If a cable is plugged into the iDRAC port and linked up, the correct IP address is reported.
PMTR-68408	It takes about one minute for the `lomipset` command to apply changes in the network configuration settings.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating