
Dell EMC SupportAssist Enterprise (Server, Storage, Networking) - Undocumented Default Account Vulnerability

Summary: We have identified a vulnerability in SupportAssist Enterprise. This article provides information and a download link to update your version and resolve the issue.


Symptoms

CVE Identifier: CVE-2018-1214

Severity: Critical (in specific limited configurations, see note below)

Affected products: Dell EMC SupportAssist Enterprise 1.1 and upgrade to 1.2 (Windows OS Management Station versions only)

 

Summary:

Dell EMC SupportAssist Enterprise 1.2.1 contains fixes for an undocumented default account vulnerability that could potentially be exploited by unauthorized users to compromise the affected system.

 

Details:

SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account remains even after an upgrade from v1.1 to v1.2. Anyone who knows the default password can gain access to the management console.

 

If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges.

 

Note: The (critical) severity level is based on configurations where SupportAssist Enterprise is installed on a server running OME with fee-based Server Configuration Management feature enabled. Dell EMC recommends that customers take into account any deployment factors that may be relevant to their environment to assess their overall risk.

Note: Linux versions of SupportAssist Enterprise v1.1 and upgrade to v1.2 are not affected by this issue.

Note: The issue did not impact any other enterprise or end user version of SupportAssist.

 

Resolution:

The following Dell EMC SupportAssist Enterprise release contains resolutions to these vulnerabilities:

  • Dell EMC SupportAssist Enterprise version 1.2.1

Dell EMC recommends all customers upgrade to v1.2.1 immediately.

 

Workaround:

The OmeAdapterUser user account can be deleted manually. Deleting this user account does not affect the functionality of SupportAssist Enterprise or OpenManage Essentials.
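
One way to check a Windows management station for the leftover account and apply the workaround above, as an added example that is not part of the Dell EMC advisory. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets and that OmeAdministrators is a local Windows group on the OME server; the script's parameter names are hypothetical.

```powershell
# Added example, not Dell EMC code. Run in an elevated PowerShell 5.1+ session.
# Assumption: OmeAdministrators is a local Windows group on the OME server.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$AccountName = 'OmeAdapterUser',   # account name from the advisory
    [switch]$Remove                             # delete the account if found
)

$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $user) {
    Write-Output "No local account named '$AccountName' on $env:COMPUTERNAME."
    return
}

# Collect every local group that lists the account, matched by SID.
$groups = foreach ($group in Get-LocalGroup) {
    try {
        $members = Get-LocalGroupMember -Group $group -ErrorAction Stop
    } catch {
        Write-Warning "Could not enumerate '$($group.Name)': $($_.Exception.Message)"
        continue
    }
    if ($members | Where-Object { $_.SID.Value -eq $user.SID.Value }) {
        $group.Name
    }
}

# Report what was found before changing anything. A populated LastLogon
# means the account has been used and the logon history deserves review.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Account         = $user.Name
    Enabled         = $user.Enabled
    PasswordLastSet = $user.PasswordLastSet
    LastLogon       = $user.LastLogon
    MemberOf        = $groups -join ', '
    OmeAdmin        = $groups -contains 'OmeAdministrators'
}

if ($Remove -and $PSCmdlet.ShouldProcess($user.Name, 'Remove local user account')) {
    Remove-LocalUser -SID $user.SID
    Write-Output "Removed '$($user.Name)'."
}
```

Run it without `-Remove` to report only; add `-Remove -WhatIf` to preview the deletion before performing it.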

 

Link to remedies:

Customers can download software from the Dell EMC SupportAssist Enterprise Version 1.2.1 Windows Management Server page.

 


Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Affected products

PowerEdge
Article properties
Article number: 000177171
Article type: Solution
Last modified: 10 Apr 2021
Version: 4