PT-2018-11032 · Dell Emc+1 · Openmanage Essentials+2

Published 2018-02-12 · Updated 2018-03-12 · CVE-2018-1214

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Dell EMC SupportAssist Enterprise versions 1.1 through 1.2

Description

The issue arises from the creation of a local Windows user account named OMEAdapterUser with a default password during the installation of Dell EMC SupportAssist Enterprise. This account remains after upgrading from version 1.1 to 1.2. Knowledge of the default password can allow unauthorized access to the management console. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser account is added to the OmeAdministrators group, potentially allowing an unauthorized person with the default password to gain access to the affected OME installation with OmeAdministrators privileges.

Recommendations

For versions 1.1 through 1.2, update to version 1.2.1 to resolve the issue.
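
A host-side check for the condition described above, as an added example that is not part of the advisory or of Dell EMC's tooling: it reports whether the OMEAdapterUser account exists and is enabled, whether it is a member of OmeAdministrators, and which recent successful logons used it. It assumes the LocalAccounts cmdlets of Windows PowerShell 5.1, that OmeAdministrators is a local Windows group on the OME server, and an elevated session (needed to read the Security log); the function name is hypothetical.

```powershell
# Added audit example, not Dell EMC code. Run elevated on the SupportAssist Enterprise / OME host.
# The two names below come from the advisory text; everything else is an assumption of this example.
$AccountName = 'OMEAdapterUser'
$GroupName   = 'OmeAdministrators'   # assumed to be a local Windows group on the OME server

function Get-OmeAdapterUserExposure {
    param([string]$Account = $AccountName, [string]$Group = $GroupName, [int]$MaxEvents = 5000)

    $user = Get-LocalUser -Name $Account -ErrorAction SilentlyContinue
    if (-not $user) {
        return [pscustomobject]@{ Account = $Account; Present = $false }
    }

    # Match group members by SID; member names are returned as COMPUTER\user.
    $inGroup = $false
    if (Get-LocalGroup -Name $Group -ErrorAction SilentlyContinue) {
        $inGroup = [bool](Get-LocalGroupMember -Name $Group -ErrorAction SilentlyContinue |
            Where-Object { $_.SID.Value -eq $user.SID.Value })
    }

    # Successful logons (event 4624) by this account among the newest $MaxEvents logon events.
    $logons = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } `
                  -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $evt = $_
            $d = @{}
            ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
            if ($d['TargetUserSid'] -eq $user.SID.Value) {
                [pscustomobject]@{ Time = $evt.TimeCreated; LogonType = $d['LogonType']; Source = $d['IpAddress'] }
            }
        }

    [pscustomobject]@{
        Account             = $user.Name
        Present             = $true
        Enabled             = $user.Enabled
        PasswordLastSet     = $user.PasswordLastSet   # compare with the install or upgrade date
        LastLogon           = $user.LastLogon
        InOmeAdministrators = $inGroup
        RecentLogons        = @($logons)
    }
}

Get-OmeAdapterUserExposure | Format-List
```

An enabled account with `InOmeAdministrators` set to true on a host still running version 1.1 or 1.2 is the configuration the description warns about; network logon types or unfamiliar source addresses in `RecentLogons` are worth reviewing.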

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2018-1214

Affected Products

Dell EMC SupportAssist Enterprise
OpenManage Essentials
Windows