First published: Wed Jan 18 2023
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in RACADM when the firmware lock-down configuration is set. A remote high-privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell iDRAC9 Firmware | <6.00.30.00 | |
Dell iDRAC9 | | |
The vulnerability ID for Dell iDRAC9 firmware is CVE-2022-34435.
The severity of CVE-2022-34435 is medium with a severity value of 4.9.
The affected software for CVE-2022-34435 is Dell iDRAC9 firmware version 6.00.02.00 and prior.
CVE-2022-34435 allows a remote high-privileged attacker to bypass the firmware lock-down configuration and perform a firmware update.
To fix CVE-2022-34435, update Dell iDRAC9 firmware to version 6.00.30.00 or later.