Detections
Analytics
VMCH-80-000192 Virtual machines (VMs) must have paste operations disabled.
Information
Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.Solution
For each virtual machine do the following:From the vSphere Client, right-click the Virtual Machine and go to Edit Settings >> Advanced Parameters.
Find the "isolation.tools.paste.disable" value and set it to "true".
If the setting does not exist no action is needed.
or
From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:
Get-VM "VM Name" | Get-AdvancedSetting -Name isolation.tools.paste.disable | Set-AdvancedSetting -Value true
Note: The VM must be powered off to configure the advanced settings through the vSphere Client. Therefore, it is recommended to configure these settings with PowerCLI as this can be done while the VM is powered on. Settings do not take effect via either method until the virtual machine is cold started, not rebooted.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y24M08_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|III, CCI|CCI-000366, Rule-ID|SV-258705r959010_rule, STIG-ID|VMCH-80-000192, Vuln-ID|V-258705
Plugin: VMware
Control ID: 7d853eefa926e4a710da369829a2220e46e19c6d531d168a224f3846c811dbd7