How severe is CVE-2018-1214?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2018-1214?

This is classified as CWE-798, which is a common weakness in software security.

CVE-2018-1214 - HIGH Severity | CVSS 7

Vulnerability Description

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account also remains even after an upgrade from v1.1 to v1.2. Access to the management console can be achieved by someone with knowledge of the default password. If SupportAssist Enterprise is installed on a server running OpenManage Essentials (OME), the OmeAdapterUser user account is added as a member of the OmeAdministrators group for the OME. An unauthorized person with knowledge of the default password and access to the OME web console could potentially use this account to gain access to the affected installation of OME with OmeAdministrators privileges. This is fixed in version 1.2.1.

Related Vulnerabilities

CVE-2023-25187

HIGH

CVSS:7.0(High)

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values th...

CWE-7982023

CVE-2018-4017

HIGH

CVSS:7.1(High)

An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device...

CWE-7982018

CVE-2020-16258

HIGH

CVSS:7.1(High)

Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials.

CWE-7982020

CVE-2023-52723

HIGH

CVSS:7.1(High)

In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.

CWE-7982023

CVE-2024-27168

HIGH

CVSS:7.1(High)

It appears that some hardcoded keys are used for authentication to internal API. Knowing these private keys may allow attackers to bypass authentication and reach administrative interfaces. As for the...

CWE-7982024

CVE-2017-5230

HIGH

CVSS:7.2(High)

The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides stor...

CWE-7982017