Platform
dell
Component
idrac9
Fixed in
5.10.10.00
CVE-2022-24422 is an improper authentication vulnerability in Dell iDRAC9. A remote, unauthenticated attacker could exploit it to gain access to the iDRAC9 VNC console. The affected range is iDRAC9 5.00.00.00 and later, up to and excluding 5.10.10.00; Dell fixed the issue in firmware 5.10.10.00.
Successful exploitation grants an attacker access to the iDRAC9 VNC console, the graphical management interface of the server. From there an attacker can change system configuration, read sensitive data, install software on the managed host, or take complete control of the server. Because iDRAC9 is the out-of-band management controller, this access sits beneath the host operating system and bypasses the security controls deployed there. The absence of any authentication requirement makes every reachable iDRAC9 management interface in the affected range a target.
The vulnerability is rated high severity because it requires no credentials and its impact is broad. Public proof-of-concept code may emerge, which would further raise the likelihood of exploitation. No active campaigns had been publicly confirmed at the time of writing, but the simplicity of the issue makes it attractive to opportunistic attackers. The vulnerability was publicly disclosed on May 26, 2022. It is not currently listed in the CISA KEV catalog.
Organizations that rely on Dell iDRAC9 for remote server management are at risk: data centers, cloud providers, and any business operating a fleet of physical servers. Environments whose iDRAC9 firmware has not been kept current, or whose management network is not segmented from general-purpose networks, are the most exposed.
• linux / server:
The host operating system does not record iDRAC authentication events, and there is no `idrac9` service unit for journalctl to query. Authentication failures are written to the iDRAC's own Lifecycle Log; view it on the controller with `racadm lclog view`, or, if the iDRAC is configured to forward its log to a remote syslog server, search that collector's syslog for iDRAC login and authentication failures.
• dell / supply-chain:
Check the iDRAC9 firmware version with `racadm getversion`, or read the `FirmwareVersion` property of the Redfish manager resource at `/redfish/v1/Managers/iDRAC.Embedded.1`. Alert if the version is 5.00.00.00 or later but below 5.10.10.00; versions before 5.00.00.00 are outside the range named in the advisory.
• generic web:
From a network position without valid iDRAC credentials, attempt to connect to the iDRAC9 VNC console without authenticating; a session that reaches the console is a positive finding. Monitor the iDRAC log for console sessions that were not preceded by a successful login.
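The version check above, and the "check your firmware version" advice later on this page, come down to deciding whether a dotted iDRAC version string falls in the half-open range [5.00.00.00, 5.10.10.00). The following script is an added example, not Dell's code or part of the original page: it evaluates a Redfish manager resource for that range and reports which hosts still need the upgrade. It assumes the standard Redfish `FirmwareVersion` property and the iDRAC manager ID `iDRAC.Embedded.1`; the JSON responses embedded in it are constructed samples, not captures from real hardware.

```python
"""Flag Dell iDRAC9 firmware in the CVE-2022-24422 affected range.

Affected per the advisory: 5.00.00.00 and later, up to and excluding 5.10.10.00.
Added example; the sample responses below are constructed, not real captures.
"""
import json
from typing import Dict, List, Optional, Tuple

AFFECTED_FROM = (5, 0, 0, 0)   # first affected version, inclusive
FIXED_IN = (5, 10, 10, 0)      # fixed version, exclusive upper bound
FIXED_IN_STR = "5.10.10.00"


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a dotted iDRAC version such as '5.10.10.00' into an int tuple.

    Trailing fields that are absent are treated as 0, so '5.10' compares as
    5.10.0.0. Non-numeric input raises ValueError instead of being guessed at.
    """
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected iDRAC version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version: str) -> bool:
    """True when the version lies in [5.00.00.00, 5.10.10.00)."""
    v = parse_version(version)
    return AFFECTED_FROM <= v < FIXED_IN


def check_redfish_manager(manager_json: str) -> dict:
    """Evaluate one Redfish Manager resource (GET /redfish/v1/Managers/iDRAC.Embedded.1).

    Returns a finding record; 'affected' is None when the version is missing,
    so an unreadable host is reported rather than silently treated as safe.
    """
    data = json.loads(manager_json)
    fw = data.get("FirmwareVersion")
    if fw is None:
        return {"id": data.get("Id"), "version": None, "affected": None,
                "note": "FirmwareVersion missing; could not evaluate"}
    affected = is_affected(fw)
    note = f"upgrade to {FIXED_IN_STR} or later" if affected else "not in affected range"
    return {"id": data.get("Id"), "version": fw, "affected": affected, "note": note}


def scan_inventory(responses: Dict[str, str]) -> List[str]:
    """Map {hostname: manager_json} to the sorted list of hosts needing the upgrade."""
    return sorted(h for h, body in responses.items()
                  if check_redfish_manager(body)["affected"])


def fetch_manager_json(host: str, user: str, password: str,
                       cafile: Optional[str] = None) -> str:
    """Fetch the manager resource from a live iDRAC (not used by the offline sample).

    Uses HTTP Basic authentication, which Redfish permits. TLS verification stays
    on: pass the CA that signed the iDRAC certificate instead of disabling checks.
    """
    import base64
    import ssl
    import urllib.request
    url = f"https://{host}/redfish/v1/Managers/iDRAC.Embedded.1"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}",
                                               "Accept": "application/json"})
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return resp.read().decode()


def _sample(version: str) -> str:
    # Constructed Redfish manager response (assumed shape, not a real capture).
    return json.dumps({"@odata.id": "/redfish/v1/Managers/iDRAC.Embedded.1",
                       "Id": "iDRAC.Embedded.1", "FirmwareVersion": version})


SAMPLE_VULNERABLE = _sample("5.00.10.20")    # inside the affected range
SAMPLE_FIXED = _sample("5.10.10.00")         # exactly the fixed version
SAMPLE_OLDER_BRANCH = _sample("4.40.40.00")  # below the affected range

if __name__ == "__main__":
    inventory = {"srv-a": SAMPLE_VULNERABLE, "srv-b": SAMPLE_FIXED,
                 "srv-c": SAMPLE_OLDER_BRANCH}
    for host, body in inventory.items():
        print(host, check_redfish_manager(body))
    print("needs upgrade:", scan_inventory(inventory))
```

Against a real fleet, replace the constructed bodies with the output of `fetch_manager_json` for each iDRAC; hosts whose finding has `affected` set to None should be followed up by hand, since a missing version is not evidence that the controller is patched.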
EPSS
15.79% (95th percentile)
The primary mitigation for CVE-2022-24422 is to upgrade the Dell iDRAC9 firmware to version 5.10.10.00 or later. Before upgrading, review Dell's compatibility matrix to confirm the new firmware is supported on the existing hardware and software. If an immediate upgrade is not feasible, restrict access to the iDRAC9 management interface through network segmentation, with firewall rules that admit only authorized management addresses; the iDRAC's VNC server feature should also stay disabled wherever it is not actually needed. Monitor the iDRAC9 log for suspicious activity, in particular failed login attempts and console sessions that are not preceded by a successful login. After upgrading, verify the fix by attempting to reach the VNC console without authentication; access should be denied.
Update the Dell iDRAC9 firmware to version 5.10.10.00 or later. This fixes the improper authentication vulnerability and prevents unauthorized access to the VNC console.
CVE-2022-24422 is an improper authentication vulnerability in Dell iDRAC9 that allows unauthenticated remote access to the VNC console, potentially giving an attacker full control of the server.
You are affected if your Dell iDRAC9 runs version 5.00.00.00 or later but earlier than 5.10.10.00. Check your firmware version immediately.
Upgrade your Dell iDRAC9 firmware to version 5.10.10.00 or later. Review Dell's compatibility matrix before upgrading.
No active campaigns have been confirmed, but the simplicity of the vulnerability makes it a likely target for exploitation. Monitor your systems closely.
Refer to the Dell Security Advisory: https://www.dell.com/support/kbdoc/en-us/000194388/security-update-for-dell-idrac9-improper-authentication-vulnerability