Detections
Analytics

VMCH-06-000041 - The system must control access to VMs through the dvfilter network APIs.

Information

An attacker might compromise a VM by making use the dvFilter API. Configure only those VMs that need this access to use the API.

Solution

From a PowerCLI command prompt while connected to the ESXi host or vCenter server run the following command:

Get-VM 'VM Name' | Get-AdvancedSetting -Name ethernetX.filterY.name | Remove-AdvancedSetting

Note: Change the X and Y values to match the specific setting in your environment.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_Virtual_Machine_V1R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CAT|III, CCI|CCI-000366, Group-ID|V-64119, Rule-ID|SV-78609r1_rule, STIG-ID|VMCH-06-000041, Vuln-ID|V-64119

Plugin: VMware

Control ID: 239bf76d21c73067e72668a1de84ff798abacfb271760015e2fb5b4023bf2075