Detections
Analytics
VCSA-80-000057 - vCenter Server plugins must be verified.
Information
The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, web-based functionality.vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.
Additionally, vCenter comes with a number of plugins preinstalled that may or may not be necessary for proper operation.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
From the vSphere Client, go to Administration >> Solutions >> Client Plug-Ins, click the radio button next to the unknown plug-in, and click "Disable".If the plugin will not be needed in the future, proceed to uninstall the plug-in.
To uninstall plug-ins, do the following:
If vCenter Server is in linked mode, perform this procedure on the vCenter Server that is used to install the plug-in initially and then restart the vCenter Server services on the linked vCenter Server:
In a web browser, navigate to "http://vCenter_Server_name_or_IP/mob", where "vCenter_Server_name_or_IP/mob" is the name of the vCenter Server or its IP address.
Click "Content".
Click "ExtensionManager".
Select and copy the name of the plug-in to be removed from the list of values under "Properties".
Click "UnregisterExtension". A new window appears.
Paste the name of the plug-in and click "Invoke Method". This removes the plug-in.
Close the window.
Refresh the Managed Object Type:ManagedObjectReference:ExtensionManager window to verify the plug-in is removed successfully.
Note: If the plug-in still appears, restart the vSphere Client.
Note: The Managed Object Browser (MOB) may have to be enabled temporarily if it was disabled previously.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y25M07_STIG.zip
Item Details
Audit Name: DISA VMware vSphere 8.0 vCenter STIG v2r3
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7a., CAT|II, CCI|CCI-000381, Rule-ID|SV-258908r960963_rule, STIG-ID|VCSA-80-000057, Vuln-ID|V-258908
Plugin: VMware
Control ID: d730ddd531c7786826a52a07c45c2d794a28127601338e0377c58581516587e9