Upgrading CIMC and BIOS Firmware via the GUI

The purpose of this article is to guide you through upgrading the CIMC on the UCS-C220-M4 via the GUI. Cisco announced a vulnerability, CSCwi10842, which could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. There is no workaround; updating the Cisco Integrated Management Controller (CIMC) to a fixed version is essential.

There are two methods to update the CIMC: the first is by booting with an ISO, and the second is by using the GUI. This article focuses on updating the CIMC via the GUI, which is a bit tricky. We will extract the firmware (BIOS & CIMC) from the ISO using Linux (CentOS 7). Do not bother using Ubuntu 16.04, as Cisco recommended in several articles; it just won’t work.

Step 1: Download Firmware

Choose Server Firmware and choose the HUU version that you want. I will go with ucs-c220m4-huu-4.1.2m.iso.

Cisco Download
HUU.iso image

Step 2: Download CentOS 7 to help us extract the CIMC firmware from HUU.ISO

You can download CentOS 7 from the official CentOS website. However, it's important to note that CentOS 7 will be discontinued in July 2024. If you still need to download it, you can use the following link:

From CentOS:

https://ftpmirror.infania.net/pub/CentOS/7.9.2009/isos/x86_64/CentOS-7-x86_64-DVD-2009.iso

From Google Drive:

https://drive.google.com/file/d/1KIilOF9tHqrpRYgIoRANB8lj_9DFnn_a/view?usp=drive_link

After downloading CentOS, I installed it on VMware Workstation. I encountered a problem with the root user in CentOS: 'centos is not in the sudoers file.' To resolve this issue, do the following:

I added my user (aymen) to the configuration file known as “sudoers”.

sudo vim /etc/sudoers

Press i, scroll down, and write what you see in the picture below, replacing my user (aymen) with your own user, of course. Then press Escape and type :wq! to save your change.

Verify GETFW


Step 3: Extract CIMC firmware from HUU.ISO (ucs-c220m4-huu-4.1.2m.iso)

1. Inside the ISO, there is an important folder called GETFW. This folder contains a file named getfw, which helps us extract the firmware (BIOS and CIMC) from ucs-c220m4-huu-xxx.iso.

2. getfw should be placed in the same folder where HUU.ISO exists.

3. I downloaded ucs-c220m4-huu-4.1.2m.iso to /home/centos/Download.

4. Then, right-click on the ISO file, extract it, and copy getfw to the path where HUU.ISO exists.

5. Or double-click on HUU.ISO and copy getfw from the mount path to /home/centos/Download.

6. Or mount HUU.ISO using the CLI as follows:

sudo mkdir /mnt/HUU4

sudo mount /home/centos/Download/ucs-c220m4-huu-4.1.2m.iso /mnt/HUU4

sudo cp /mnt/HUU4/GETFW/getfw /home/centos/Download/

sudo chmod 755 /home/centos/Download/getfw   # executable but not world-writable, since it is run with sudo below

To verify if getfw will work, execute the following:

sudo /home/centos/Download/getfw -h

If everything is set up correctly, you should see the output as follows:


GETFW output

Now, extract the firmware:

sudo /home/centos/Download/getfw -h

sudo /home/centos/Download/getfw -s ucs-c220m4-huu-4.1.2m.iso -d /home/centos/Download/

The extraction process will generate a new folder named 'USC' in /home/centos/Download/ and place the firmware in it, as shown below:

Firmware (Bios & CIMC)
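
Step 3 runs a binary taken from a downloaded ISO as root, so the ISO should be checked against its published checksum before anything is extracted from it. The script below is an added example, not part of the original article: it verifies the ISO's SHA-512, mounts the ISO read-only, and copies getfw out as a root-owned 0755 file before extracting. EXPECTED_SHA512 is a placeholder for the checksum shown next to the download (assumed to be published there), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify the HUU ISO, then stage getfw from a read-only mount.
# Paths follow the article. EXPECTED_SHA512 is a placeholder (assumption): paste
# the checksum published next to the ISO download before running.

ISO=/home/centos/Download/ucs-c220m4-huu-4.1.2m.iso
WORKDIR=/home/centos/Download
MNT=/mnt/HUU4
EXPECTED_SHA512="REPLACE_WITH_PUBLISHED_SHA512"

# Return 0 only if the SHA-512 of file $1 equals hex digest $2 (case-insensitive).
# Unreadable files and empty digests fail closed.
verify_sha512() {
    [ -r "$1" ] && [ -n "$2" ] || return 1
    actual=$(sha512sum -- "$1" | awk '{print tolower($1)}')
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Mount the ISO read-only, copy getfw out as root-owned 0755, then unmount.
stage_getfw() {
    sudo mkdir -p "$MNT" &&
    sudo mount -o loop,ro "$ISO" "$MNT" &&
    sudo install -o root -g root -m 0755 "$MNT/GETFW/getfw" "$WORKDIR/getfw"
    rc=$?
    sudo umount "$MNT" 2>/dev/null
    return "$rc"
}

# Refuse to run getfw against an ISO that failed verification.
extract_firmware() {
    if ! verify_sha512 "$ISO" "$EXPECTED_SHA512"; then
        echo "checksum mismatch for $ISO: not extracting" >&2
        return 1
    fi
    stage_getfw && sudo "$WORKDIR/getfw" -s "$ISO" -d "$WORKDIR/"
}

# Run the procedure only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then
    extract_firmware
fi
```

Run it with `--run` after replacing the placeholder; with the placeholder left in place the script stops at the checksum step.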


Step 4: Update CIMC over the GUI

Now, open the CIMC GUI and navigate to 'Admin > Firmware Management' to upload the BIOS and CIMC firmware. Uploading the firmware will not affect the server as it will serve as a backup version. To apply the changes, you must activate the firmware and reboot the CIMC. This process will integrate the updates into the underlying software for CIMC.

Update CIMC & BIOS over GUI

Do the same for the BIOS.


I hope you find this article informative.

Thank you.

Aymen

Anthony Fecarotta

Founder & President at linehaul.ai

6 months

"Decryption failed."
