Dell EMC SupportAssist Enterprise 1.1 has an undocumented default account vulnerability (Windows OS Management Station version only, Linux versions of SupportAssist Enterprise v1.1 and upgrade to v1.2 are not affected by this issue). Here are a few more details.
On January 31, 2018, Dell released the security advisory "Dell EMC SupportAssist Enterprise (Server, Storage, Networking) – Undocumented Default Account Vulnerability". Dell EMC SupportAssist Enterprise version 1.1 has a critical vulnerability, CVE-2018-1214.
Vulnerability CVE-2018-1214 in SupportAssist Enterprise
SupportAssist Enterprise version 1.1 creates a local Windows user account named “OMEAdapterUser” with a default password as part of the installation process. This unnecessary user account remains even after an upgrade from v1.1 to v1.2. Anyone who knows the default password can gain access to the management console.
If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges.
Workaround and Fix
A simple workaround: the OmeAdapterUser user account can be deleted manually. Deleting this user account does not affect the functionality of SupportAssist Enterprise or OpenManage Essentials. To mitigate the vulnerability, install Dell EMC SupportAssist Enterprise version 1.2.1 immediately. This update contains resolutions to these vulnerabilities.
Customers can download software from the Dell EMC SupportAssist Enterprise Version 1.2.1 Windows Management Server page.
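The manual workaround above, as an added PowerShell example (not taken from Dell's advisory or the original post): it reports whether the account exists and which local groups it belongs to, and deletes it only when -Remove is given. It assumes Windows PowerShell 5.1 or later with the built-in Microsoft.PowerShell.LocalAccounts module and an elevated session; the parameter names are illustrative.

```powershell
# Added example: audit and optionally remove the leftover default account.
# Account and group names are the ones given in the advisory text above.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts), run elevated.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$AccountName = 'OMEAdapterUser',
    [string]$OmeGroup    = 'OmeAdministrators',
    [switch]$Remove
)

$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if (-not $user) {
    Write-Output "OK: local account '$AccountName' not present on $env:COMPUTERNAME."
    return
}

# Collect every local group that lists the account as a member (matched by SID).
$groups = foreach ($g in Get-LocalGroup) {
    try {
        $m = Get-LocalGroupMember -Group $g -ErrorAction Stop
        if ($m | Where-Object { $_.SID.Value -eq $user.SID.Value }) { $g.Name }
    } catch {
        Write-Warning "Could not enumerate group '$($g.Name)': $_"
    }
}

# Report the state of the account before anything is changed.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Account         = $user.Name
    Enabled         = $user.Enabled
    LastLogon       = $user.LastLogon
    PasswordLastSet = $user.PasswordLastSet
    Groups          = $groups -join ', '
    InOmeAdmins     = $groups -contains $OmeGroup
}

# Delete only on explicit request; honours -WhatIf and -Confirm.
if ($Remove -and $PSCmdlet.ShouldProcess($AccountName, 'Remove local user')) {
    Remove-LocalUser -SID $user.SID
    Write-Output "Removed local account '$AccountName'."
}
```

Running it with -Remove -WhatIf shows what would be deleted without changing anything. A populated LastLogon value on this account is worth checking against the host's logon events before the account is removed.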