Detections
Analytics
ESXI-70-000062 - Use of the dvFilter network application programming interfaces (APIs) must be restricted.
Information
If the organization is not using products that use the dvfilter network API, the host should not be configured to send network information to a virtual machine (VM).If the API is enabled, an attacker might attempt to connect a virtual machine to it, potentially providing access to the network of other VMs on the host.
If using a product that makes use of this API, verify the host has been configured correctly. If not using such a product, ensure the setting is blank.
Solution
From the vSphere Client, go to Hosts and Clusters.Select the ESXi Host >> Configure >> System >> Advanced System Settings.
Click 'Edit'. Select the 'Net.DVFilterBindIpAddress' value and remove any incorrect addresses.
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Set-AdvancedSetting -Value ''
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_7-0_Y25M04_STIG.zip
Item Details
Audit Name: DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-256423r959010_rule, STIG-ID|ESXI-70-000062, Vuln-ID|V-256423
Plugin: VMware
Control ID: 6aee1e4b48e9e71cc8d76d28f9039a0360933ee67f0df8a1b6d2a1446f18f3d5