CVE-2022-34436
LOWDell iDRAC8 < 2.84.84.84 - Authenticated Firmware Lock-Down Bypass via Racadm
Title source: llmDescription
Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
https://www.dell.com/support/kbdoc/en-us/000205346/dsa-2022-265-dell-idrac8-and-dell-idrac9-security-update-for-a-racadm-vulnerability
Scores
CVSS v3
2.7
EPSS
0.0019
EPSS Percentile
40.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
dell/idrac8_firmware
< 2.84.84.84
Published
Jan 18, 2023
Tracked Since
Feb 18, 2026