CVE-2022-24422
In short
Dell iDRAC9 has a flaw that allows anyone on the network to access the VNC console without needing a password. This is critical because it gives attackers full control over server management functions.
Technical detail
CVE-2022-24422 is an improper authentication vulnerability (CWE-287) in Dell iDRAC9 versions 5.00.00.00 through 5.10.09.99 where remote unauthenticated attackers can bypass authentication mechanisms to gain unauthorized access to the VNC console. The vulnerability requires network access but no credentials, allowing attackers to obtain administrative control over server hardware management interfaces.
Summary generated and translated by AI from the official description.
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Dell · Integrated Dell Remote Access Controller 9