CVE-2022-34435
LOWDell iDRAC9 < 6.00.30.00 - Authenticated Firmware Lock-Down Bypass via Racadm
Title source: llmDescription
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
https://www.dell.com/support/kbdoc/000205346
Scores
CVSS v3
2.7
EPSS
0.0014
EPSS Percentile
33.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
dell/idrac9_firmware
< 6.00.30.00
Published
Jan 18, 2023
Tracked Since
Feb 18, 2026