Vulnerability Details CVE-2022-34436
Dell iDRAC8 versions 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high-privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.0%
CVSS Severity
CVSS v3 Score 2.7
Products affected by CVE-2022-34436
- cpe:2.3:o:dell:idrac8_firmware:2.00.00.00
- cpe:2.3:o:dell:idrac8_firmware:2.30.30.30
- cpe:2.3:o:dell:idrac8_firmware:2.52.52.52
- cpe:2.3:o:dell:idrac8_firmware:2.60.60.60
- cpe:2.3:o:dell:idrac8_firmware:2.61.60.60
- cpe:2.3:o:dell:idrac8_firmware:2.70.70.70