LOW✓ PATCH🇬🇧 English

CVE-2022-34436

CVSS 2.7v3.1pub. 2023-01-18upd. 2024-11-21

Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
  • Dell Idrac8

    HW
    Dell
    wszystkie wersje
  • Dell Idrac8 Firmware

    OS
    Dell
    < 2.84.84.84
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2019-3705CRITICAL9.8ten sam produkt

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior ...

CVE-2024-25951HIGH8.0ten sam produkt

A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of...

CVE-2020-5344HIGH7.0ten sam produkt

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based ...

CVE-2018-1243HIGH7.5ten sam produkt

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prio...

CVE-2018-1244HIGH8.8ten sam produkt

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a comman...