ID

VAR-201802-0624


CVE

CVE-2018-1214


TITLE

Dell EMC SupportAssist Enterprise vulnerability related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-002163

DESCRIPTION

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achieved by someone with knowledge of the default password. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for the OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges. This is fixed in version 1.2.1. Dell EMC SupportAssist Enterprise contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Dell EMC SupportAssist Enterprise is software provided by Dell in the United States to provide online . The software can automatically provide technical support for server, storage, network and chassis equipment, including hardware detection and so on. An attacker could exploit this vulnerability to take control of the system.

Trust: 1.71

sources: NVD: CVE-2018-1214 // JVNDB: JVNDB-2018-002163 // VULHUB: VHN-122069

AFFECTED PRODUCTS

vendor: dell, model: emc supportassist enterprise, scope: eq, version: 1.1

Trust: 2.4

sources: JVNDB: JVNDB-2018-002163 // CNNVD: CNNVD-201802-386 // NVD: CVE-2018-1214

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-1214
value: HIGH

Trust: 1.0

NVD: CVE-2018-1214
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-386
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122069
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-1214
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-122069
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-1214
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122069 // JVNDB: JVNDB-2018-002163 // CNNVD: CNNVD-201802-386 // NVD: CVE-2018-1214

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.9

sources: VULHUB: VHN-122069 // JVNDB: JVNDB-2018-002163 // NVD: CVE-2018-1214

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201802-386

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201802-386

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002163

PATCH

title: Dell|EMC SupportAssist Enterprise (Server, Storage, Networking) - Undocumented Default Account Vulnerability
url: http://www.dell.com/support/article/us/en/04/sln308843/dell-emc-supportassist-enterprise-server-storage-networking-undocumented-default-account-vulnerability

Trust: 0.8

title: Dell EMC SupportAssist Enterprise Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78478

Trust: 0.6

sources: JVNDB: JVNDB-2018-002163 // CNNVD: CNNVD-201802-386

EXTERNAL IDS

db: NVD, id: CVE-2018-1214

Trust: 2.5

db: JVNDB, id: JVNDB-2018-002163

Trust: 0.8

db: CNNVD, id: CNNVD-201802-386

Trust: 0.7

db: VULHUB, id: VHN-122069

Trust: 0.1

sources: VULHUB: VHN-122069 // JVNDB: JVNDB-2018-002163 // CNNVD: CNNVD-201802-386 // NVD: CVE-2018-1214

REFERENCES

url:http://www.dell.com/support/article/us/en/04/sln308843/dell-emc-supportassist-enterprise-server-storage-networking-undocumented-default-account-vulnerability

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1214

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1214

Trust: 0.8

sources: VULHUB: VHN-122069 // JVNDB: JVNDB-2018-002163 // CNNVD: CNNVD-201802-386 // NVD: CVE-2018-1214

SOURCES

db: VULHUB, id: VHN-122069
db: JVNDB, id: JVNDB-2018-002163
db: CNNVD, id: CNNVD-201802-386
db: NVD, id: CVE-2018-1214

LAST UPDATE DATE

2024-11-23T22:41:58.554000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-122069, date: 2018-03-12T00:00:00
db: JVNDB, id: JVNDB-2018-002163, date: 2018-03-28T00:00:00
db: CNNVD, id: CNNVD-201802-386, date: 2018-02-13T00:00:00
db: NVD, id: CVE-2018-1214, date: 2024-11-21T03:59:24.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-122069, date: 2018-02-12T00:00:00
db: JVNDB, id: JVNDB-2018-002163, date: 2018-03-28T00:00:00
db: CNNVD, id: CNNVD-201802-386, date: 2018-02-13T00:00:00
db: NVD, id: CVE-2018-1214, date: 2018-02-12T21:29:00.230