CyberSecurity SEE

Dell Credentials Flaw Leaves VMware Environments Vulnerable to Takeover

A high-impact vulnerability in Dell Compellent storage arrays has raised concerns about the security of enterprise VMware environments. While Dell Compellent reached its end of life in 2019 and holds less than a 1% share of the data storage market, organizations that still use Dell storage integrated with VMware environments need to be aware of the potential risks associated with this vulnerability.

The vulnerability is tracked as CVE-2023-39250 and affects Dell storage integrated with VMware environments. It was recently demonstrated by Tom Pohl, the penetration testing team manager at LMG Security, at DEF CON 31. Pohl showed how an attacker inside an enterprise network can identify and decode a private key associated with VMware’s centralized management utility through Dell Compellent. This would allow the attacker to take over the entire VMware environment.

What makes this vulnerability even more concerning is that the private key is the same for every Dell customer. This means that if one organization’s Dell Compellent system is compromised, it could lead to a compromise across other organizations as well. Pohl emphasized the significance of this vulnerability, stating, “This is just a real concrete example of how a private key in software can lead to complete network compromise of your organization.”

The issue lies in the way Dell Compellent stores administrator credentials for VMware vCenter in its configuration files. The credentials are not stored in cleartext, but when Pohl decompiled the Java class responsible for decryption, he found a static AES key in the code. Using CyberChef, Pohl was able to extract a cleartext password, which allowed him to log into vCenter and gain full control over the environment.
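The pattern described above, as an added Java example that is not Dell's code and not from the original article: a key compiled into the software opens every customer's stored credential, while a key generated per install does not. The class name, key value, sample password and the choice of AES-GCM are assumptions made for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class StaticKeyDemo {
    // Weak pattern: the key is a constant in the shipped class (constructed value, not a real key).
    static final SecretKey SHIPPED_KEY =
        new SecretKeySpec("0123456789abcdef".getBytes(StandardCharsets.US_ASCII), "AES");

    // Hardened pattern: each install generates its own key and keeps it outside the code.
    static SecretKey newInstallKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    // AES-GCM with a fresh random 12-byte nonce; output is nonce || ciphertext+tag.
    static byte[] seal(SecretKey key, String secret) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(secret.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static String open(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return new String(c.doFinal(blob, 12, blob.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Shipped key: a config sealed at one customer opens with any copy of the software.
        System.out.println("shipped key: " + open(SHIPPED_KEY, seal(SHIPPED_KEY, "constructed-password")));
        // Per-install keys: install B's key fails authentication on install A's config.
        SecretKey keyA = newInstallKey(), keyB = newInstallKey();
        try { open(keyB, seal(keyA, "constructed-password")); }
        catch (AEADBadTagException e) { System.out.println("per-install key: other install rejected"); }
    }
}
```

A per-install key still has to be protected on the host (OS keystore, HSM, or a file readable only by the service account); it limits the damage to one installation rather than every customer.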

Despite the severity of this vulnerability, Dell has not yet released a patch for it. LMG Security, the company behind the demonstration at DEF CON 31, had previously disclosed the vulnerability to Dell. However, the responsible disclosure window has passed, and Dell is expected to issue a patch only in the fall. The complexity of designing a sufficient fix may be contributing to the delay.

Complicating matters further is the fact that Dell Compellent has already reached its end of life. According to Dell’s documentation, the company is not obligated to provide continued support or maintenance for the software beyond its end of life. This raises concerns about the level of support and urgency that Dell may allocate to this vulnerability.

In the meantime, organizations that still utilize Dell Compellent and VMware environments are advised to take steps to harden their systems. Pohl suggests implementing network segmentation to prevent malicious users from accessing critical infrastructure, such as the connection between the storage platform and vCenter. By strictly controlling access and limiting the ability of unauthorized users to interact with important systems, organizations can reduce the risk of exploitation.

As the vulnerability remains unpatched, organizations must remain vigilant and proactive in protecting their VMware environments. The potential consequences of a network compromise could be severe, and organizations that continue to use Dell Compellent need to take the necessary precautions to mitigate the risks associated with this vulnerability.
