Detections
Analytics
VCTR-67-000035 - vCenter Server plugins must be verified.
Information
The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, web-based functionality.vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
From the vSphere Client, go to Administration >> Solutions >> Client Plug-Ins.Click the radio button next to the unknown plug-in and click disable. Proceed to uninstall the plug-in.
To remove plug-ins:
If vCenter Server is in linked mode, perform this procedure on the vCenter Server that is used to install the plug-in initially and then restart the vCenter Server services on the linked vCenter Server.
In a web browser, navigate to http://vCenter_Server_name_or_IP/mob.
vCenter_Server_name_or_IP/mob is the name of the vCenter Server or its IP address.
Click 'Content'.
Click 'ExtensionManager'.
Select and copy the name of the plug-in to be removed from the list of values under 'Properties'.
Click 'UnregisterExtension'. A new window appears.
Paste the name of the plug-in and click 'Invoke Method'. This removes the plug-in.
Close the window.
Refresh the 'Managed Object Type:ManagedObjectReference:ExtensionManager' window to verify that the plug-in is removed successfully.
Note: If the plug-in still appears, restart the vSphere Client.
Note: Enable the Managed Object Browser (MOB) temporarily if it was previously disabled.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 6.7 vCenter v1r4
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-243097r879887_rule, STIG-ID|VCTR-67-000035, Vuln-ID|V-243097
Plugin: VMware
Control ID: bc26d45b6d76d2e4c12e161ca30e8bc68c82128c421cd6e819c54ebb67863b1c