CVE-2022-34435 LOW

Vendor Dell
Product Integrated Dell Remote Access Controller 9
Weakness CWE-20 · Input validation
Published January 18, 2023
Last update April 3, 2025

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Dell iDRAC9 versions 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high-privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

Key dates

02 Disclosure timeline

January 18, 2023 CVE published
April 3, 2025 Record updated