Details of VAR-202205-1567

ID

VAR-202205-1567

CVE

CVE-2022-24422

TITLE

Dell iDRAC9 Authorization Issue Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2022-42736

DESCRIPTION

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. Dell iDRAC9 is provided by Dell (DELL) to provide comprehensive, embedded management, and automation functions for the entire PowerEdge series of servers. a controller. An authorization issue vulnerability in Dell iDRAC9 stems from improper rights management, which could allow attackers to bypass Dell iDRAC9 restrictions to gain user privileges

Trust: 1.62

sources: NVD: CVE-2022-24422 // CNVD: CNVD-2022-42736 // VULHUB: VHN-414169 // VULMON: CVE-2022-24422

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-42736

AFFECTED PRODUCTS

vendor:	dell	model:	idrac9	scope:	gte	version:	5.00.00.00	Trust: 1.0
vendor:	dell	model:	idrac9	scope:	lt	version:	5.10.10.00	Trust: 1.0
vendor:	dell	model:	emc idrac9	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2022-42736 // NVD: CVE-2022-24422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-24422
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2022-24422
value:	CRITICAL
Trust: 1.0
CNVD:	CNVD-2022-42736
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202205-3714
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-414169
value:	HIGH
Trust: 0.1
VULMON:	CVE-2022-24422
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-24422
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2022-42736
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-414169
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2022-24422
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2022-24422
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-42736 // VULHUB: VHN-414169 // VULMON: CVE-2022-24422 // CNNVD: CNNVD-202205-3714 // NVD: CVE-2022-24422 // NVD: CVE-2022-24422

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.1

sources: VULHUB: VHN-414169 // NVD: CVE-2022-24422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3714

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202205-3714

EXTERNAL IDS

db:	NVD	id:	CVE-2022-24422	Trust: 2.4
db:	CNVD	id:	CNVD-2022-42736	Trust: 0.7
db:	CNNVD	id:	CNNVD-202205-3714	Trust: 0.7
db:	VULHUB	id:	VHN-414169	Trust: 0.1
db:	VULMON	id:	CVE-2022-24422	Trust: 0.1

sources: CNVD: CNVD-2022-42736 // VULHUB: VHN-414169 // VULMON: CVE-2022-24422 // CNNVD: CNNVD-202205-3714 // NVD: CVE-2022-24422

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability	Trust: 1.8
url:	https://vigilance.fr/vulnerability/dell-idrac9-user-access-38398	Trust: 1.2
url:	https://cxsecurity.com/cveshow/cve-2022-24422/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-42736 // VULHUB: VHN-414169 // VULMON: CVE-2022-24422 // CNNVD: CNNVD-202205-3714 // NVD: CVE-2022-24422

SOURCES

db:	CNVD	id:	CNVD-2022-42736
db:	VULHUB	id:	VHN-414169
db:	VULMON	id:	CVE-2022-24422
db:	CNNVD	id:	CNNVD-202205-3714
db:	NVD	id:	CVE-2022-24422

LAST UPDATE DATE

2024-11-23T22:28:58.915000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-42736	date:	2022-06-02T00:00:00
db:	VULHUB	id:	VHN-414169	date:	2022-06-07T00:00:00
db:	VULMON	id:	CVE-2022-24422	date:	2022-06-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3714	date:	2022-06-08T00:00:00
db:	NVD	id:	CVE-2022-24422	date:	2024-11-21T06:50:23.700

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-42736	date:	2022-06-01T00:00:00
db:	VULHUB	id:	VHN-414169	date:	2022-05-26T00:00:00
db:	VULMON	id:	CVE-2022-24422	date:	2022-05-26T00:00:00
db:	CNNVD	id:	CNNVD-202205-3714	date:	2022-05-18T00:00:00
db:	NVD	id:	CVE-2022-24422	date:	2022-05-26T16:15:08.113