Vulnerability Details CVE-2022-34435
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 2.7
References
Products affected by CVE-2022-34435
-
cpe:2.3:h:dell:idrac9:-
-
cpe:2.3:o:dell:idrac9_firmware:3.00.00.00
-
cpe:2.3:o:dell:idrac9_firmware:3.11.11.11
-
cpe:2.3:o:dell:idrac9_firmware:3.15.15.15
-
cpe:2.3:o:dell:idrac9_firmware:3.15.17.15
-
cpe:2.3:o:dell:idrac9_firmware:3.15.19.15
-
cpe:2.3:o:dell:idrac9_firmware:3.16.16.16
-
cpe:2.3:o:dell:idrac9_firmware:3.17.17.17
-
cpe:2.3:o:dell:idrac9_firmware:3.17.18.17
-
cpe:2.3:o:dell:idrac9_firmware:3.17.20.17
-
cpe:2.3:o:dell:idrac9_firmware:3.18.18.18
-
cpe:2.3:o:dell:idrac9_firmware:3.19.19.19
-
cpe:2.3:o:dell:idrac9_firmware:3.20.20.20
-
cpe:2.3:o:dell:idrac9_firmware:3.20.21.20
-
cpe:2.3:o:dell:idrac9_firmware:3.21.21.21
-
cpe:2.3:o:dell:idrac9_firmware:3.21.21.22
-
cpe:2.3:o:dell:idrac9_firmware:3.21.23.22
-
cpe:2.3:o:dell:idrac9_firmware:3.21.24.22
-
cpe:2.3:o:dell:idrac9_firmware:3.21.25.22
-
cpe:2.3:o:dell:idrac9_firmware:3.21.26.22
-
cpe:2.3:o:dell:idrac9_firmware:3.22.22.22
-
cpe:2.3:o:dell:idrac9_firmware:3.23.23.23
-
cpe:2.3:o:dell:idrac9_firmware:3.24.24.24
-
cpe:2.3:o:dell:idrac9_firmware:3.30.30.30
-
cpe:2.3:o:dell:idrac9_firmware:3.31.31.31
-
cpe:2.3:o:dell:idrac9_firmware:3.32.32.32
-
cpe:2.3:o:dell:idrac9_firmware:3.34.34.34
-
cpe:2.3:o:dell:idrac9_firmware:3.36.36.36
-
cpe:2.3:o:dell:idrac9_firmware:3.40.40.40
-
cpe:2.3:o:dell:idrac9_firmware:3.42.42.42
-
cpe:2.3:o:dell:idrac9_firmware:4.00.00.00
-
cpe:2.3:o:dell:idrac9_firmware:4.20.20.20
-
cpe:2.3:o:dell:idrac9_firmware:4.40.00.00