Developers: Dell EMC
Date of the premiere of the system: 2019/05/21
Branches: Information Technology, Electrical and Microelectronics
Technology: DSS
2024: FSTEC warns: Attackers can hijack Dell EMC hardware management system
FSTEC sent a warning about the discovery in mid-December of a critical vulnerability, BDU:2024-10933[1], present in Dell EMC PowerFlex hardware and software storage and information processing solutions (formerly known as VxFlex OS and ScaleIO). The flaw allows an attacker with minimal privileges to execute arbitrary code on the attacked system. It is rated 10 out of 10 on the CVSS scale and has already been fixed by the manufacturer.
The vulnerability was discovered in the following products: Dell EMC PowerFlex hyperconverged storage systems (appliance versions - from 46.381.00 to 46.376.00, rack - from 3.8.1.0 to 3.7.6.0, custom node - to 4.6.1.0), Dell InsightIQ storage monitoring and management tools (up to version 5.1.1) and the Dell Data Lakehouse integrated data platform (up to version 1.2.0.0). The flaw is caused by improper link resolution before file access (link following), which allows an attacker to bypass the authentication procedure and execute code uploaded to the system.
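The article names only the weakness class, not the affected code. As an added illustration (not Dell's code and not part of the original article), the Python example below contrasts a path-string check that still follows links with an open that refuses them; the function names and the directory layout are hypothetical.

```python
import os
import tempfile
from pathlib import Path

def open_naive(base_dir, rel_path):
    # Weak pattern: the check looks at the path string, then open() follows links.
    full = os.path.join(base_dir, rel_path)
    if not os.path.abspath(full).startswith(os.path.abspath(base_dir) + os.sep):
        raise PermissionError("path escapes base directory")
    return open(full, "rb")

def open_no_links(base_dir, rel_path):
    """Open rel_path under base_dir, refusing a symlink in any component (POSIX)."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("path escapes base directory")
    nofollow = os.O_RDONLY | os.O_NOFOLLOW
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # Walk component by component from an open directory fd; links are refused.
        for name in parts[:-1]:
            next_fd = os.open(name, nofollow | os.O_DIRECTORY, dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = next_fd
        return os.fdopen(os.open(parts[-1], nofollow, dir_fd=dir_fd), "rb")
    except OSError as exc:
        raise PermissionError(f"refused {rel_path!r}: {exc.strerror}") from exc
    finally:
        os.close(dir_fd)

def demo():
    # Constructed layout: uploads/ holds a regular file and a link pointing outside.
    with tempfile.TemporaryDirectory() as root:
        base = Path(root) / "uploads"
        base.mkdir()
        outside = Path(root) / "outside.txt"
        outside.write_bytes(b"outside")
        (base / "report.txt").write_bytes(b"inside")
        (base / "link.txt").symlink_to(outside)
        with open_naive(base, "link.txt") as f:
            naive = f.read()          # the string check passes, the link is followed
        with open_no_links(base, "report.txt") as f:
            regular = f.read()        # ordinary files still open normally
        try:
            open_no_links(base, "link.txt").close()
            blocked = False
        except PermissionError:
            blocked = True            # the link is refused at open time
        return naive, regular, blocked
```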
"In the domestic market, such solutions are quite noticeable, especially among large businesses," Kirill Belyaev, a leading expert in the department of applied systems at the Angara Security design center, told TAdviser. "Many organizations focused on scalable and reliable information storage and processing, including financial, telecommunications, and industrial enterprises, have long used Dell PowerFlex, InsightIQ, Data Lakehouse, and other similar products. Before the introduction of restrictive measures, foreign solutions were widespread. Now, of course, there is a tendency to switch to domestic software and equipment, but some companies continue to use imported systems, since they are already integrated into the existing infrastructure and business processes."
It is clear, though, that storage systems that have accumulated large amounts of data, operate at high speeds and are critical for business cannot be replaced quickly. However, some experts are not inclined to exaggerate the popularity of Dell EMC storage systems. There are other, more common leaders among manufacturers of such solutions.
"Dell hardware is not as common as HP, for example, so the scale of the likely exploitation of the identified vulnerability is likely to be small," Nikolai Peretyagin, product manager at NGR Softlab, shared his forecast with TAdviser. "In addition, if we talk about the protection of data centers, those companies that implement the information security requirements of the FSTEC of Russia not only on paper but in practice most likely ensured the protection of this equipment and the data stored there much earlier. As for likely vulnerabilities in similar software from other vendors, repetition is possible, even on a large scale, so it is useful to implement the regulator's recommendations in any case, regardless of the equipment supplier."
At the same time, the criticality of the detected flaw is rated quite high: it implies the possibility of easy remote exploitation. Of course, to do this, the attacker needs access to the interface of the corresponding software. That is, it is highly likely that this vulnerability will be exploited for so-called lateral movement within the corporate infrastructure.
"Judging by data from the manufacturer's website and the CVSS 10.0 rating, the vulnerability is critical. In fact, it gives the attacker remote access and the ability to run any code on a vulnerable device," said Kirill Belyaev. "This means that the attack can come down not just to the theft of some data, but to complete control over the system. Given the availability of technical information and the experience of hackers, we may well see attempts at mass exploitation. If a working exploit appears on the attackers' network, many companies that did not manage to update in time may suffer at once."
However, according to FSTEC, no exploit for this vulnerability has yet been found in the public domain. Nevertheless, Russian users may well have problems installing updates: Dell has closed its resources to access from Russia, so parallel import channels are needed to receive updates. For those who cannot do this, FSTEC recommends the following compensating measures:
- Use a whitelist of IP addresses to limit connectivity to vulnerable products
- Limit access to vulnerable products from the Internet
- Use firewalls to limit remote access to vulnerable products
- Use secure communication channels to organize remote access
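One way to check that the allowlist and firewall measures above are actually enforced is to audit flow records for accepted connections to the management interfaces from sources outside the allowlist. The following is an added example, not part of the original article or the FSTEC notice; the addresses, the log format and all names are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed values, constructed for this example (documentation address ranges).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.10/32")]
MGMT_HOSTS = {ipaddress.ip_address(a) for a in ("203.0.113.20", "203.0.113.21")}

# Constructed flow records: timestamp, source, destination, port, firewall action.
SAMPLE_FLOWS = """\
2024-12-20T10:00:01Z 192.0.2.5 203.0.113.20 443 ACCEPT
2024-12-20T10:00:07Z 192.0.2.77 203.0.113.20 443 ACCEPT
2024-12-20T10:01:12Z 198.51.100.10 203.0.113.21 22 ACCEPT
2024-12-20T10:02:30Z 198.51.100.99 203.0.113.21 443 DROP
2024-12-20T10:03:02Z 192.0.2.77 203.0.113.21 22 ACCEPT
2024-12-20T10:03:40Z 192.0.2.77 203.0.113.99 443 ACCEPT
truncated line
"""

def audit_flows(text, allowlist=ALLOWLIST, mgmt_hosts=MGMT_HOSTS):
    """Return (violations, dropped, skipped).

    violations: Counter of (source, destination, port) for ACCEPTed flows that
    reached a management host from a source outside the allowlist.
    dropped: Counter of non-allowlisted sources the firewall already blocked.
    skipped: number of lines that could not be parsed.
    """
    violations, dropped, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        try:
            _, src, dst, port, action = line.split()
            src, dst, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:  # wrong field count, bad address or bad port
            skipped += 1
            continue
        if dst not in mgmt_hosts or any(src in net for net in allowlist):
            continue  # not a management interface, or an allowlisted source
        if action == "ACCEPT":
            violations[(str(src), str(dst), port)] += 1
        else:
            dropped[str(src)] += 1
    return violations, dropped, skipped
```

Any entry in `violations` means the compensating control has a gap; entries in `dropped` show sources that tried and were blocked.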
"The likelihood of exploiting vulnerabilities appears only when it is possible to access the appropriate hardware or software," Oleg Bosenko, director of the cybersecurity department at IBS, explained the situation for TAdviser readers. "It is clear that this is not about direct physical access. The functionality of remote access when penetrating the protected perimeter may well make it possible to exploit the vulnerability. Given that vulnerabilities in server software are published on specialized resources with enviable regularity, blocking the exploitation of the vulnerability should include several sequential steps."
According to Oleg Bosenko, protection against such vulnerabilities in proprietary software for managing foreign equipment should contain the following mandatory elements:
- protection against unauthorized access on both the external and internal perimeters as a whole;
- monitoring of physical and remote access to server equipment by technical support personnel;
- independent monitoring and analysis of the correct operation of the equipment using a third-party application, and not the manufacturer's system itself.
"The traditional advice to install updates from trusted sources is completely inapplicable in this situation," laments Igor Korchagin, head of the information security department of IVK JSC. "Russian users cannot do this because they are blocked from accessing Dell's public resources. It is possible to strengthen the protection of corporate resources by introducing Russian firewall tools and other solutions to ensure network security. However, the use of any add-on information security tools will be exclusively compensatory in nature and will not close the problem at the root. The security situation of Dell equipment can be resolved in only one way: replace the equipment with Russian counterparts."
2019: Dell EMC VxFlex Introduction
On May 21, 2019, Dell Technologies introduced the Dell EMC VxFlex Specialty Device - a turnkey optimized system that is part of Dell EMC's portfolio of hyperconverged solutions and helps customers upgrade their IT infrastructure with a cost-effective, smaller form factor that can scale as needs grow. This addition is due to the fact that Dell EMC combines its integrated HCI systems with support for VxFlex OS under a common brand - VxFlex. This brand includes both the introduced VxFlex device and the integrated VxFlex rack (formerly VxRack FLEX).
The Dell EMC VxFlex family offers customers who do not use VMware software exclusively an additional choice of operating systems and support for high-performance applications and databases. With the expansion of the VxFlex portfolio, customers who need a turnkey solution but do not need a larger integrated VxFlex rack can now choose a smaller solution with the same scalability and uncompromising reliability benefits, as well as flexible network options.
The integrated VxFlex rack will be complemented by system components for improved performance, automation, and security, enabling customers to meet further requirements for scalability and management of the modern data center. The entire VxFlex family, which also includes Dell EMC VxFlex Ready nodes, will be equipped with Dell EMC VxFlex OS 3.0 software for higher storage efficiency.