Platform: dell
Component: idrac9
Fixed in: 5.10.10.00
CVE-2022-24422 describes an improper authentication vulnerability discovered in Dell iDRAC9. This flaw allows a remote, unauthenticated attacker to potentially gain access to the VNC console, leading to significant security compromises. The vulnerability affects iDRAC9 versions 5.00.00.00 and later, up to and excluding version 5.10.10.00. Dell has released a patch in version 5.10.10.00 to address this issue.
Successful exploitation of CVE-2022-24422 grants an attacker unauthorized access to the iDRAC9's VNC console. This console provides a graphical interface for managing the server, allowing attackers to potentially modify system configurations, steal sensitive data, install malware, or even take complete control of the affected server. Given the iDRAC9's role in remote management, this vulnerability represents a significant escalation of privilege, enabling attackers to bypass standard security controls and compromise the underlying infrastructure. The lack of authentication required for exploitation dramatically increases the attack surface and potential for widespread compromise.
CVE-2022-24422 is considered a high-severity vulnerability due to its ease of exploitation and potential impact. Public proof-of-concept (PoC) code is likely to emerge, further increasing the risk of exploitation. While no active campaigns have been publicly confirmed at the time of writing, the vulnerability's simplicity makes it a prime target for opportunistic attackers. The vulnerability was publicly disclosed on May 26, 2022. It is not currently listed on CISA KEV.
Exploit Status
EPSS: 15.79% (95th percentile)
CVSS Vector
The primary mitigation for CVE-2022-24422 is to upgrade the Dell iDRAC9 firmware to version 5.10.10.00 or later. Before upgrading, it is crucial to review Dell's compatibility matrix to ensure the new firmware is compatible with the existing hardware and software environment. If an immediate upgrade is not feasible, consider implementing network segmentation to restrict access to the iDRAC9 management interface. Firewall rules should be configured to only allow authorized IP addresses to connect to the iDRAC9. Monitor iDRAC9 logs for suspicious activity, particularly failed login attempts or unusual console access. After upgrading, verify the fix by attempting to access the VNC console without authentication; access should be denied.
Update the Dell iDRAC9 firmware to version 5.10.10.00 or later. This will resolve the improper authentication vulnerability and prevent unauthorized access to the VNC Console.
CVE-2022-24422 is a critical vulnerability in Dell iDRAC9 allowing unauthenticated remote access to the VNC console, potentially granting attackers full control.
You are affected if your Dell iDRAC9 is running a version from 5.00.00.00 up to, but not including, 5.10.10.00. Check your firmware version immediately.
Upgrade your Dell iDRAC9 firmware to version 5.10.10.00 or later. Review Dell's compatibility matrix before upgrading.
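The firmware-version check recommended above, as an added example that is not Dell's code or part of the advisory: it parses the four-component iDRAC version string numerically (plain string comparison mis-orders components such as 9 and 10), tests it against the affected range 5.00.00.00 <= version < 5.10.10.00, and reads the version from a Redfish Manager resource. The Redfish path `/redfish/v1/Managers/iDRAC.Embedded.1` and its `FirmwareVersion` property are assumed from the DMTF Manager schema as iDRAC9 exposes it; the sample responses are constructed, not captured from a real device.

```python
"""Decide whether an iDRAC9 firmware version is in the range affected by
CVE-2022-24422, using the version boundaries stated in the advisory."""
import base64
import json
import ssl
import urllib.request

AFFECTED_MIN = "5.00.00.00"  # first affected release, per the advisory
FIXED_IN = "5.10.10.00"      # first fixed release, per the advisory

# Assumed Redfish location of the iDRAC Manager resource (DMTF Manager schema).
MANAGER_PATH = "/redfish/v1/Managers/iDRAC.Embedded.1"


def parse_version(text):
    """Turn '5.10.10.00' into (5, 10, 10, 0) so each component compares numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected iDRAC version format: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version):
    """True when AFFECTED_MIN <= version < FIXED_IN (the advisory's range)."""
    v = parse_version(version)
    return parse_version(AFFECTED_MIN) <= v < parse_version(FIXED_IN)


def firmware_version_from_manager(manager_json):
    """Extract FirmwareVersion from a Redfish Manager resource (dict or JSON text)."""
    doc = json.loads(manager_json) if isinstance(manager_json, str) else manager_json
    if "FirmwareVersion" not in doc:
        raise ValueError("Manager resource has no FirmwareVersion property")
    return doc["FirmwareVersion"]


def assess(manager_json):
    """Summarise one iDRAC: running version, whether it is affected, target version."""
    version = firmware_version_from_manager(manager_json)
    return {"version": version, "affected": is_affected(version), "fixed_in": FIXED_IN}


def fetch_manager(host, user, password, verify_tls=True):
    """Fetch the Manager resource over Redfish with HTTP basic auth (network; not run here)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}{MANAGER_PATH}",
        headers={"Authorization": f"Basic {token}", "Accept": "application/json"},
    )
    ctx = ssl.create_default_context()
    if not verify_tls:  # only for lab iDRACs still on a self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return json.loads(resp.read().decode())


# Constructed sample Manager responses (not captured from a real iDRAC).
SAMPLE_VULNERABLE = json.dumps({
    "@odata.id": MANAGER_PATH, "Id": "iDRAC.Embedded.1", "FirmwareVersion": "5.00.10.20",
})
SAMPLE_FIXED = json.dumps({
    "@odata.id": MANAGER_PATH, "Id": "iDRAC.Embedded.1", "FirmwareVersion": "5.10.10.00",
})
SAMPLE_OLD_BRANCH = json.dumps({
    "@odata.id": MANAGER_PATH, "Id": "iDRAC.Embedded.1", "FirmwareVersion": "4.40.00.00",
})

if __name__ == "__main__":
    for label, doc in (("vulnerable", SAMPLE_VULNERABLE),
                       ("fixed", SAMPLE_FIXED),
                       ("pre-5.00 branch", SAMPLE_OLD_BRANCH)):
        print(label, assess(doc))
```

Point `fetch_manager` at each iDRAC in an inventory and pass its result to `assess` to get a list of hosts still below 5.10.10.00; keep `verify_tls=True` outside a lab, since an iDRAC with a proper certificate should not need the exception.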
While no active campaigns are confirmed, the vulnerability's simplicity makes it a likely target for exploitation. Monitor your systems closely.
Refer to the Dell Security Advisory: https://www.dell.com/support/kbdoc/en-us/000194388/security-update-for-dell-idrac9-improper-authentication-vulnerability