History: May 26, 2022 - 3:20 p.m.

CVE-2022-24422

2022-05-26 15:20:22
CWE-287
dell
www.cve.org
3
cve-2022-24422
dell idrac9
authentication
vulnerability
vnc console

CVSS3: 9.6

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score: 10 (Confidence: High)
EPSS: 0.004 (Percentile: 74.1%)

Dell iDRAC9 versions 5.00.00.00 and later, but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

CNA Affected

[
  {
    "product": "Integrated Dell Remote Access Controller 9",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "5.10.10.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
