VMCH-67-000019 - Access to virtual machines through the dvfilter network APIs must be controlled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

An attacker might compromise a VM by making use the dvFilter API. Configure only those VMs to use the API that need this access.

Solution

From the vSphere Web Client right-click the Virtual Machine and go to Edit Settings >> VM Options >> Advanced >> Configuration Parameters >> Edit Configuration. Look for settings with the format ethernet*.filter*.name. Ensure only required VMs use this setting.

Note: The VM must be powered off to configure the advanced settings through the vSphere Web Client so it is recommended to configure these settings with PowerCLI as it can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:

Get-VM 'VM Name' | Get-AdvancedSetting -Name ethernetX.filterY.name | Remove-AdvancedSetting

Note: Change the X and Y values to match the specific setting in your environment.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M10_STIG.zip

Item Details

References: CAT|III, CCI|CCI-000366, Rule-ID|SV-239350r679599_rule, STIG-ID|VMCH-67-000019, Vuln-ID|V-239350

Plugin: VMware

Control ID: 297c0b1bf469efb934061079056b7be9fb9d6392e55abc5f8b71d42ff618633b