STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

vCenter Server for Windows plugins must be verified.

DISA Rule

SV-216857r612237_rule

Vulnerability Number

V-216857

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000035

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

From the vSphere Web Client go to Administration >> Solutions >> Client Plug-Ins and right click the unknown plug-in and click disable then proceed to remove the plug-in.

To remove plug-ins do the following:

If you have vCenter Server in linked mode, perform this procedure on the vCenter Server that is used to install the plug-in initially, then restart the vCenter Server services on the linked vCenter Server.

In a web browser, navigate to http://vCenter_Server_name_or_IP/mob.

Where vCenter_Server_name_or_IP/mob is the name of your vCenter Server or its IP address.

Click Content.

Click ExtensionManager.

Select and copy the name of the plug-in you want to remove from the list of values under Properties. For a list of default plug-ins, see the Additional Information section of this article.

Click UnregisterExtension. A new window appears.

Paste the name of the plug-in and click Invoke Method. This removes the plug-in.

Close the window.

Refresh the Managed Object Type:ManagedObjectReference:ExtensionManager window to verify that the plug-in is removed successfully.

Note: If the plug-in still appears, you may have to restart the vSphere Client.

Note: You may have to enable the Managed Object Browser (MOB) temporarily if previously disabled.

Check Contents

Verify the vSphere Client used by administrators includes only authorized extensions from trusted sources.

From the vSphere Web Client go to Administration >> Solutions >> Client Plug-Ins. View the Installed/Available Plug-ins list and verify they are all identified as authorized VMware, Third-party (Partner) and/or site-specific (locally developed and site) approved plug-ins.

If any Installed/Available plug-ins in the viewable list cannot be verified as vSphere Client plug-ins and/or authorized extensions from trusted sources, this is a finding.

Vulnerability Number

V-216857

Documentable

False

Rule Version

VCWN-65-000035

Severity Override Guidance

Verify the vSphere Client used by administrators includes only authorized extensions from trusted sources.

From the vSphere Web Client go to Administration >> Solutions >> Client Plug-Ins. View the Installed/Available Plug-ins list and verify they are all identified as authorized VMware, Third-party (Partner) and/or site-specific (locally developed and site) approved plug-ins.

If any Installed/Available plug-ins in the viewable list cannot be verified as vSphere Client plug-ins and/or authorized extensions from trusted sources, this is a finding.

Check Content Reference

M

Target Key

4030

Comments