Check: SRG-APP-000413-UEM-000284
Unified Endpoint Management Server SRG:
SRG-APP-000413-UEM-000284
(in versions v2 r3 through v1 r1)
Title
The UEM server must verify remote disconnection when non-local maintenance and diagnostic sessions are terminated. (Cat II impact)
Discussion
If the remote connection is not closed and verified as closed, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Remote connections must be disconnected and verified as disconnected when non-local maintenance sessions have been terminated and are no longer available for use.
Check Content
Verify the UEM server verifies remote disconnection when non-local maintenance and diagnostic sessions are terminated. If the UEM server does not verify remote disconnection when non-local maintenance and diagnostic sessions are terminated, this is a finding.
Fix Text
Configure the UEM server to verify remote disconnection when non-local maintenance and diagnostic sessions are terminated.
Additional Identifiers
Rule ID: SV-234556r961560_rule
Vulnerability ID: V-234556
Group Title: SRG-APP-000413
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002891 |
Verify session and network connection termination after the completion of nonlocal maintenance and diagnostic sessions. |
Controls
| Number | Title |
|---|---|
| MA-4(7) |
Remote Disconnect Verification |