"Dell Credentials Bug Opens VMWare Environments to Takeover"

Credentials hardcoded in the Dell Compellent storage array service could allow attackers to take control of enterprise VMware environments in organizations using both services. According to Enlyft, Dell Compellent reached its end of life in 2019. However, organizations that continue to use Dell storage integrated with VMWare environments must be aware of CVE-2023-39250, a "high" severity vulnerability that affects these systems. Tom Pohl, penetration testing team manager at LMG Security, demonstrates how an adversary within an enterprise network can identify and decode a private key associated with VMWare's centralized management utility via Dell Compellent, gaining complete control over a VMware environment. Since the key is the same for all Dell customers, a compromise at one organization could easily translate to a compromise at any other organization. According to Pohl, this is a real-world example of how a private key in software can lead to the complete compromise of an organization's network. This article continues to discuss the potential exploitation and impact of the Dell credentials bug. 

Dark Reading reports "Dell Credentials Bug Opens VMWare Environments to Takeover"