N/A

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achieved by someone with knowledge of the default password. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for the OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges. This is fixed in version 1.2.1.

N/A

N/A

Dell EMC SupportAssist Enterprise 安全漏洞

Dell EMC SupportAssist Enterprise是美国戴尔（Dell）公司的一款为戴尔设备提供在线支持的软件。该软件能够自动为服务器、存储、网络和机箱设备提供技术支持，包括硬件检测等。 Dell EMC SupportAssist Enterprise 1.1版本中存在安全漏洞，该漏洞源于在安装过程中创建的‘OMEAdapterUser’本地Windows用户账户带有默认密码，并且该账户一直存在。攻击者可利用该漏洞控制系统。

N/A

N/A