Alert essentials:
A default encryption password has been discovered in Dell’s Compellent Integration Tools for VMware. The flaw allows attackers to extract organization administrator credentials used in vCenter integrations. We recommend updating these default passwords immediately.


Detailed threat description:
Enterprise storage systems by Dell Compellent are often used to manage ESXi environments. Capable of thin provisioning, data snapshots and cloning, and data progression, the storage software integrates with VMware vCenter.

Dell’s Compellent Integration Tools for VMware (CITV) uses a hardcoded AES encryption key to encrypt and decrypt CITV configuration files. These files contain the vCenter administrator credentials supplied when integrating storage systems with VMware vCenter. A threat actor who obtains the CITV JAR file can therefore extract the encryption key and decrypt the administrator username and password for VMware vCenter.

Impacts on healthcare organizations
Retrieval of these administrator credentials will result in compromise of the VMware environment and the wider network.

Affected products / versions

  • Dell Compellent SC4020
  • Dell Storage SCv2000
  • Dell Storage SCv3020
  • Dell Storage SCv3000
  • Dell Storage SC9000
  • Dell Storage SC7020F
  • Dell Storage SC7020
  • Dell Storage SCv2080
  • Dell Storage SC5020F
  • Dell Storage SC5020
  • Dell Storage SCv2020
  • Dell Compellent Series 40
  • Dell Storage SC8000

CVE

  • CVE-2023-39250

Recommendations

Engineering recommendations:

  • Change the default root password of all current appliances using Compellent DSITV and restart the system
  • Ensure the default root password of all new appliances using Compellent DSITV is changed

Leadership / Program recommendations:

  • Add an organizational policy to remind users to change the default password on any new installs

Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.


References: