Detections
Analytics
ESXI-67-000062 - The ESXi host must prevent unintended use of the dvFilter network APIs.
Information
If the organization is not using products that use the dvfilter network API, the host should not be configured to send network information to a VM.If the API is enabled, an attacker might attempt to connect a VM to it, potentially providing access to the network of other VMs on the host. If the organization is using a product that uses this API, verify that the host has been configured correctly. If the organization is not using such a product, ensure the setting is blank.
Solution
From the vSphere Client, select the ESXi Host and go to Configure >> System >> Advanced System Settings.Click 'Edit', select the 'Net.DVFilterBindIpAddress' value, and remove any incorrect addresses.
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Set-AdvancedSetting -Value ''
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 6.7 ESXi v1r3
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-239316r674877_rule, STIG-ID|ESXI-67-000062, Vuln-ID|V-239316
Plugin: VMware
Control ID: f3bf502c5dc187fe6459ce5a825398c4b91532ac4546aee2153fd2d5bf677a97