Detections
Analytics
ESXI-06-000062 - The system must prevent unintended use of the dvFilter network APIs.
Information
If you are not using products that make use of the dvfilter network API, the host should not be configured to send network information to a VM. If the API is enabled an attacker might attempt to connect a VM to it thereby potentially providing access to the network of other VMs on the host. If you are using a product that makes use of this API then verify that the host has been configured correctly. If you are not using such a product make sure the setting is blank.Solution
From the vSphere Client select the ESXi Host and go to Configuration >> Advanced Settings. Select the Net.DVFilterBindIpAddress setting and remove any incorrect addresses.or
From a PowerCLI command prompt while connected to the ESXi host run the following command:
Get-VMHost | Get-AdvancedSetting -Name Net.DVFilterBindIpAddress | Set-AdvancedSetting -Value ''
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip
Item Details
Audit Name: DISA VMware vSphere ESXi 6.0 STIG v1r5
Category: ACCESS CONTROL
References: 800-53|AC-3, CAT|II, CCI|CCI-000366, Group-ID|V-63293, Rule-ID|SV-77783r1_rule, STIG-ID|ESXI-06-000062, Vuln-ID|V-63293
Plugin: VMware
Control ID: 54cf6b4c7ae93aa687c5ed3fba5f00f8fca8f96fc26bd6ca9ff0c0f989aef122