STIGQter: STIG Summary: VMware vSphere 6.7 vCenter Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Mar 2021

vCenter Server plugins must be verified.

DISA Rule

SV-243097r719534_rule

Vulnerability Number

V-243097

Group Title

SRG-APP-000516

Rule Version

VCTR-67-000035

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Client, go to Administration >> Solutions >> Client Plug-Ins.

Click the radio button next to the unknown plug-in and click disable. Proceed to uninstall the plug-in.

To remove plug-ins:

If vCenter Server is in linked mode, perform this procedure on the vCenter Server that was used to install the plug-in initially, and then restart the vCenter Server services on the linked vCenter Server.

In a web browser, navigate to http://vCenter_Server_name_or_IP/mob.

vCenter_Server_name_or_IP is the name of the vCenter Server or its IP address.

Click "Content".

Click "ExtensionManager".

Select and copy the name of the plug-in to be removed from the list of values under "Properties".

Click "UnregisterExtension". A new window appears.

Paste the name of the plug-in and click "Invoke Method". This removes the plug-in.

Close the window.

Refresh the "Managed Object Type:ManagedObjectReference:ExtensionManager" window to verify that the plug-in is removed successfully.

Note: If the plug-in still appears, restart the vSphere Client.

Note: Enable the Managed Object Browser (MOB) temporarily if it was previously disabled.

Check Contents

Verify the vSphere Client used by administrators includes only authorized extensions from trusted sources.

From the vSphere Client, go to Administration >> Solutions >> Client Plug-Ins.

View the Installed/Available Plug-ins list and verify they are all identified as authorized VMware, third-party (partner), and/or site-specific approved plug-ins.

If any Installed/Available plug-ins in the viewable list cannot be verified as allowed vSphere Client plug-ins from trusted sources, this is a finding.
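The check above compared against a site allowlist, as an added example that is not part of the STIG or of STIGQter. It assumes the extension list has already been exported as objects with `key` and `company` attributes (the fields shown for each entry under ExtensionManager); the allowlist, the `audit_extensions` helper and all sample values are constructed for illustration.

```python
from types import SimpleNamespace

# Hypothetical site allowlist (constructed): extension key -> expected company.
APPROVED = {
    "com.example.approved.backup": "Example Backup Corp",
    "com.example.site.inventory": "Site Engineering",
}


def audit_extensions(extensions, approved):
    """Return sorted (key, reason) findings for plug-ins that cannot be verified."""
    lowered = {k.lower(): k for k in approved}
    findings = []
    for ext in extensions:
        key = (getattr(ext, "key", "") or "").strip()
        company = (getattr(ext, "company", "") or "").strip()
        if key in approved:
            # Key is approved, but the registered publisher must match too.
            if company != approved[key]:
                findings.append(
                    (key, f"company {company!r} does not match approved {approved[key]!r}")
                )
        elif key.lower() in lowered:
            # Look-alike key: same as an approved key except for letter case.
            findings.append(
                (key, f"differs only by case from approved key {lowered[key.lower()]!r}")
            )
        else:
            findings.append((key, "not on the approved plug-in list"))
    return sorted(findings)


# Constructed sample standing in for an exported extension list.
SAMPLE = [
    SimpleNamespace(key="com.example.approved.backup", company="Example Backup Corp"),
    SimpleNamespace(key="com.example.site.inventory", company="Unknown Vendor"),
    SimpleNamespace(key="com.Example.Approved.Backup", company="Example Backup Corp"),
    SimpleNamespace(key="org.unknown.toolbar", company=""),
]

if __name__ == "__main__":
    for key, reason in audit_extensions(SAMPLE, APPROVED):
        print(f"FINDING {key}: {reason}")
```

Any returned entry corresponds to a plug-in that would be a finding under this rule until it is verified or removed.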

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

5399
