In an important development concerning the Dell Compellent storage system for VMware (CITV), a critical vulnerability has been discovered. This vulnerability relates to a fixed encryption key, which can be leveraged by attackers to decrypt vital accounting data belonging to the Vcenter administrator and obtain an open password.
The vulnerability, known as CVE-2023-39250, stems from the use of a static Aes encryption key. This key is responsible for encrypting the Vcelenter accounting data stored in the Program configurations file. More information regarding this vulnerability can be found here.
Dell Compellenent is a renowned range of corporate data storage systems that offer seamless integration with VMware Vcenter. The latter is an influential platform utilized for managing and controlling virtual machines.
VMware ESXI serves as a widely adopted solution in corporate environments for creating and managing virtual infrastructures. It boasts various functionalities, including the ability to migrate virtual machines between physical servers, manage resource reservations, and provide network virtualization, among others. ESXI also seamlessly integrates with other essential VMware products, such as VMware Vcenter Server, facilitating centralized control and monitoring of virtual media.