Platform: dell
Component: idrac9
Fixed in: 5.10.10.00
CVE-2022-24422 describes an improper authentication vulnerability discovered in Dell iDRAC9. This flaw allows a remote, unauthenticated attacker to potentially gain access to the VNC console, leading to significant security compromises. The vulnerability affects iDRAC9 versions 5.00.00.00 and later, up to and excluding version 5.10.10.00. Dell has released a patch in version 5.10.10.00 to address this issue.
Successful exploitation of CVE-2022-24422 grants an attacker unauthorized access to the iDRAC9's VNC console. This console provides a graphical interface for managing the server, allowing attackers to potentially modify system configurations, steal sensitive data, install malware, or even take complete control of the affected server. Given the iDRAC9's role in remote management, this vulnerability represents a significant escalation of privilege, enabling attackers to bypass standard security controls and compromise the underlying infrastructure. The lack of authentication required for exploitation dramatically increases the attack surface and potential for widespread compromise.
CVE-2022-24422 is considered a high-severity vulnerability due to its ease of exploitation and potential impact. Public proof-of-concept (PoC) code is likely to emerge, further increasing the risk of exploitation. While no active campaigns have been publicly confirmed at the time of writing, the vulnerability's simplicity makes it a prime target for opportunistic attackers. The vulnerability was publicly disclosed on May 26, 2022. It is not currently listed on CISA KEV.
Organizations heavily reliant on Dell iDRAC9 for remote server management are at significant risk. This includes data centers, cloud providers, and businesses with numerous physical servers. Environments with legacy iDRAC9 configurations or those lacking robust network segmentation are particularly vulnerable.
• linux / server:
journalctl -u idrac9 | grep -i "authentication failed"
• dell / supply-chain:
Check iDRAC9 firmware version using racadm getversion. Alert if version is below 5.10.10.00.
• generic web:
Attempt to access the iDRAC9 VNC console without authentication. Monitor access logs for unauthorized attempts.
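The firmware-version check above, as an added example that is not part of the original advisory or Dell's tooling: it parses the "iDRAC Version = x.y.z.w" line that racadm getversion prints (the exact line format is an assumption), compares the dotted version numerically rather than as a string, and flags anything in the affected range 5.00.00.00 up to but excluding 5.10.10.00. The sample output is constructed.

```python
import re
from typing import Optional, Tuple

# Affected range stated in the advisory: 5.00.00.00 <= version < 5.10.10.00
AFFECTED_MIN = "5.00.00.00"
FIXED_IN = "5.10.10.00"


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted version such as '5.10.10.00' into a tuple of ints so that
    comparisons are numeric ('5.9.0.0' sorts below '5.10.0.0', as it should)."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in parts)


def extract_idrac_version(racadm_output: str) -> Optional[str]:
    """Pull the firmware version out of 'racadm getversion' text.
    Assumption: the tool prints a line like 'iDRAC Version = 5.10.00.00'."""
    m = re.search(r"^\s*iDRAC Version\s*=\s*([\d.]+)", racadm_output, re.M | re.I)
    return m.group(1) if m else None


def is_affected(version: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    v = parse_version(version)
    return parse_version(AFFECTED_MIN) <= v < parse_version(FIXED_IN)


def assess(racadm_output: str) -> str:
    """Produce an alert line suitable for a monitoring check."""
    version = extract_idrac_version(racadm_output)
    if version is None:
        return "UNKNOWN: no iDRAC version found in racadm output"
    if is_affected(version):
        return f"ALERT: iDRAC {version} is affected by CVE-2022-24422; upgrade to {FIXED_IN}"
    return f"OK: iDRAC {version} is outside the affected range"


# Constructed sample output, not captured from a real system
SAMPLE_OUTPUT = """Bios Version         = 2.10.2
iDRAC Version        = 5.10.00.00
"""

if __name__ == "__main__":
    print(assess(SAMPLE_OUTPUT))
```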
disclosure
Exploit Status
EPSS: 15.79% (95th percentile)
CVSS Vector
The primary mitigation for CVE-2022-24422 is to upgrade the Dell iDRAC9 firmware to version 5.10.10.00 or later. Before upgrading, it is crucial to review Dell's compatibility matrix to ensure the new firmware is compatible with the existing hardware and software environment. If an immediate upgrade is not feasible, consider implementing network segmentation to restrict access to the iDRAC9 management interface. Firewall rules should be configured to only allow authorized IP addresses to connect to the iDRAC9. Monitor iDRAC9 logs for suspicious activity, particularly failed login attempts or unusual console access. After upgrading, verify the fix by attempting to access the VNC console without authentication; access should be denied.
Update the Dell iDRAC9 firmware to version 5.10.10.00 or later. This fixes the improper authentication vulnerability and prevents unauthorized access to the VNC console.
CVE-2022-24422 is a critical vulnerability in Dell iDRAC9 allowing unauthenticated remote access to the VNC console, potentially granting attackers full control.
You are affected if your Dell iDRAC9 is running versions 5.00.00.00 through 5.10.10.00. Check your firmware version immediately.
Upgrade your Dell iDRAC9 firmware to version 5.10.10.00 or later. Review Dell's compatibility matrix before upgrading.
While no active campaigns are confirmed, the vulnerability's simplicity makes it a likely target for exploitation. Monitor your systems closely.
Refer to the Dell Security Advisory: https://www.dell.com/support/kbdoc/en-us/000194388/security-update-for-dell-idrac9-improper-authentication-vulnerability