Improper Input Validation in Dell iDRAC8 Product
CVE-2022-34436
2.7 LOW
Key Information:
- Vendor: Dell
- CVE Published: 18 January 2023
What is CVE-2022-34436?
The Dell iDRAC8, specifically versions 2.83.83.83 and earlier, suffers from an improper input validation vulnerability within Racadm when the firmware lockdown configuration is enabled. This flaw potentially allows a remote attacker with high privileges to circumvent the firmware lockdown settings, thus enabling unauthorized firmware updates. Such exploitation could lead to compromised device integrity and unauthorized changes to system configurations.
Affected Version(s)
Integrated Dell Remote Access Controller 8: versions 0 through 2.83.83.83