checkpoint_security | Check Point Security Alerts | CPS:SK179184
History: May 15, 2022 - 1:18 a.m.

Check Point Response to CVE-2022-24422: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

2022-05-15 01:18:33
Check Point Security Alerts
supportcenter.checkpoint.com
Tags: check point, dell idrac9, cve-2022-24422, improper authentication vulnerability, vnc console, smart-1 appliance, firmware upgrade

EPSS: 0.004 (percentile: 74.1%)

Symptoms

  • Dell published CVE-2022-24422 for iDRAC9 versions 5.00.00.00 and higher but lower than 5.10.10.00. These versions contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
    For more information, refer to CVE-2022-24422.

Cause

Refer to Dell’s DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability.

Solution

Important Note: If you have not enabled iDRAC (as described in sk122914), your Smart-1 appliance is not affected.

If you have enabled iDRAC, upgrade to the final version for your Smart-1 appliance model. For instructions, refer to sk122914 - Enabling LOM (iDRAC) Management for Smart-1 525/5050/5150/625/6000-L/6000-XL/600-M Appliances (section: iDRAC Firmware Upgrade Path).
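
As an added example (not Check Point's or Dell's code), the following Python triages an appliance inventory against the affected range given under Symptoms and the iDRAC-enabled condition in the note above. The record field names, host names and status strings are assumptions, and the sample inventory is constructed.

```python
import re

# Affected range stated in the advisory: 5.00.00.00 <= version < 5.10.10.00
AFFECTED_MIN = (5, 0, 0, 0)
FIXED_IN = (5, 10, 10, 0)


def parse_idrac_version(text):
    """Turn a four-part firmware string such as '5.00.10.20' into a tuple of ints."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if m is None:
        raise ValueError(f"not a four-part firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(record):
    """Classify one inventory record (field names are assumptions)."""
    if not record.get("idrac_enabled"):
        return "iDRAC not enabled"  # per the advisory, such appliances are not affected
    try:
        version = parse_idrac_version(record.get("idrac_fw"))
    except (TypeError, ValueError):
        return "unknown version"  # missing or malformed value: check by hand
    # Compare as integer tuples: 5.10.00.00 is still below 5.10.10.00,
    # so a check on the "5.10" prefix alone would wrongly clear it.
    if AFFECTED_MIN <= version < FIXED_IN:
        return "affected"
    return "outside affected range"


def triage_inventory(records):
    """Map each appliance name to its triage status."""
    return {r["name"]: triage(r) for r in records}


# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE = [
    {"name": "smart1-a", "idrac_enabled": False, "idrac_fw": "5.00.00.00"},
    {"name": "smart1-b", "idrac_enabled": True, "idrac_fw": "5.10.00.00"},
    {"name": "smart1-c", "idrac_enabled": True, "idrac_fw": "5.10.10.00"},
    {"name": "smart1-d", "idrac_enabled": True, "idrac_fw": "4.40.00.00"},
    {"name": "smart1-e", "idrac_enabled": True, "idrac_fw": None},
]

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE).items():
        print(f"{name}: {status}")
```

Appliances reported as "affected" or "unknown version" are the ones to take through the firmware upgrade path in sk122914.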
