Artikelnummer: 000205346
Low
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34435 | Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker may potentially exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
| CVE-2022-34436 | Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker may potentially exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. |
2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2022-34435 | Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker may potentially exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | 2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
| CVE-2022-34436 | Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker may potentially exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. |
2.7 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34435 | Dell iDRAC9 | Versions before 6.00.30.00 | 6.00.30.00 | https://www.dell.com/support/home/drivers/driversdetails?driverId=D92HF |
| CVE-2022-34436 | Dell iDRAC8 | Versions before 2.84.84.84 | 2.84.84.84 | https://www.dell.com/support/home/drivers/driversdetails?driverId=G79DW |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2022-34435 | Dell iDRAC9 | Versions before 6.00.30.00 | 6.00.30.00 | https://www.dell.com/support/home/drivers/driversdetails?driverId=D92HF |
| CVE-2022-34436 | Dell iDRAC8 | Versions before 2.84.84.84 | 2.84.84.84 | https://www.dell.com/support/home/drivers/driversdetails?driverId=G79DW |
Dell Technologies would like to thank the Cloud Compute Security Team from Google for reporting this issue.
| Revision | Date | Description |
| 1.0 | 2022-11-14 | Initial release |
| 2.0 | 2023-04-03 | Updated "Affected Products and Remediation" section with iDRAC8 Updated Version |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
iDRAC8, iDRAC9, iDRAC9 - 3.0x Series, iDRAC9 - 3.1x Series, iDRAC9 - 3.2x Series, iDRAC9 - 3.3x Series, iDRAC9 - 3.4x Series, iDRAC9 - 4.xx Series, iDRAC9 - 5.xx Series, iDRAC9 - 6.xx Series
Product Security Information
04 apr 2023
2
Dell Security Advisory