Dell AIOps Collector
CVE-2026-32652
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local console access required (AV:L) with a low-privileged account (PR:L); default credentials make complexity low (AC:L) and yield full filesystem control, so C/I/A all High.
Primary rating from Vendor (dell).
CVSS VectorVendor: dell
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earlier than 1.18.3. Systems that have been upgraded (either manually or automatically) to version 1.18.3 or later are not impacted, even if they were originally installed on an earlier version.
AnalysisAI
Local privilege escalation in Dell AIOps Collector versions prior to 1.18.3 allows a low-privileged attacker with console access to obtain filesystem-level access by abusing default credentials shipped with fresh installations. The flaw only affects systems freshly installed at an earlier version; upgraded hosts are not impacted. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) the Collector host to be a fresh installation of a Dell AIOps Collector version earlier than 1.18.3 - hosts upgraded to 1.18.3+ are explicitly out of scope even if originally installed on a vulnerable version; (2) the attacker to already possess low-privilege console access to that host (CVSS AV:L, PR:L), which rules out purely remote/network-only exploitation; and (3) the default credentials on the Collector to remain unrotated since install. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 7.8 score with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H is consistent with the description: an attacker who already has low-privilege console (local) access can use known default credentials to escalate to full filesystem-level read/write, yielding high impact across C/I/A within an unchanged scope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already has a low-privilege local/console session on a server running a freshly installed Dell AIOps Collector older than 1.18.3 authenticates to the Collector using the known default credentials and pivots to filesystem-level access, allowing them to read sensitive telemetry/config (including any cached secrets or API tokens used to talk to monitored systems), modify Collector behavior, or stage further lateral movement. No public exploit identified at time of analysis, but CWE-1392 issues are typically trivial to weaponize once the default credential value is known. |
| Remediation | Vendor-released patch: Dell AIOps Collector 1.18.3 - upgrade all affected fresh installations to 1.18.3 or later per Dell DSA-2026-231 (https://www.dell.com/support/kbdoc/en-in/000477931/dsa-2026-231-security-update-for-dell-aiops-collector-for-default-credential-vulnerability), which is the authoritative fix and which, once applied, persists across subsequent upgrades. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running Dell AIOps Collector prior to version 1.18.3 using inventory or asset management tools. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-1392 – Use of Default Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today