Check: VCENTER-000029
VMware vCenter Server Version 5 STIG:
VCENTER-000029
(in versions v2 r1 through v1 r7)
Title
vSphere Client plugins must be verified. (Cat II impact)
Discussion
The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, Web-based functionality. vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.
Check Content
Verify that the vSphere Client used by administrators includes only authorized extensions from trusted sources: From the vSphere Client, go to "Plug-ins >> Manage Plug-ins" and click the Installed Plug-ins tab. View the Installed/Available Plug-ins list and verify that every entry is identified as an authorized VMware, third-party (Partner), or site-specific (locally developed and site-approved) plug-in. If any Installed/Available plug-in in the list cannot be verified as a vSphere Client plug-in and/or an authorized extension from a trusted source, this is a finding.
Fix Text
Disable or remove all listed plug-ins that cannot be verified as distributed from trusted sources: From the vSphere Client, connect to the vCenter Server. On the menu bar, go to "Plug-ins >> Manage Plug-ins". Under Installed Plug-ins, right-click the plug-in in question and select Disable.
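The check above is a manual walk through the vSphere Client. For auditing more than one vCenter, the same plug-in inventory is available through the vSphere API's ExtensionManager. The following PowerCLI script is an added example, not part of the STIG or of VMware's documentation: it lists every registered extension and flags those whose key is not on a site-maintained allowlist. The hostname and the allowlist entries are assumed values constructed for illustration; replace them with your own.

```powershell
# Added example (not STIG or VMware content): inventory vCenter extensions with
# PowerCLI and compare them to a site-approved allowlist of extension keys.
# Requires the VMware.PowerCLI module and an account with read access to vCenter.

$vcenter = 'vcenter.example.local'   # assumed hostname, replace with your own

# Constructed allowlist: extension keys your site has reviewed and approved.
# Populate this from your change records, not from the live server.
$approvedKeys = @(
    'com.vmware.vim.sms',        # sample entry (constructed)
    'com.vmware.vcIntegrity'     # sample entry (constructed)
)

Connect-VIServer -Server $vcenter | Out-Null

# ExtensionManager exposes every extension registered with this vCenter,
# regardless of which client displays it.
$extMgr = Get-View ExtensionManager

$report = foreach ($ext in $extMgr.ExtensionList) {
    [pscustomobject]@{
        Key      = $ext.Key
        Label    = $ext.Description.Label
        Company  = $ext.Company
        Version  = $ext.Version
        Approved = ($approvedKeys -contains $ext.Key)
    }
}

# Unapproved entries sort first so they are visible at the top of the output.
$report | Sort-Object Approved, Key | Format-Table -AutoSize

$unapproved = @($report | Where-Object { -not $_.Approved })
if ($unapproved.Count -gt 0) {
    Write-Warning ("{0} extension(s) are not on the approved list; verify each " +
                   "with its vendor before disabling or unregistering it." -f $unapproved.Count)
    # Removal, once a plug-in is confirmed unauthorized, is done server-side with
    # $extMgr.UnregisterExtension($ext.Key); it is intentionally not run here.
}

Disconnect-VIServer -Server $vcenter -Confirm:$false
```

Matching on the extension key rather than on the display label is deliberate: the label is free text chosen by whoever registered the extension, while the key is what vCenter uses to identify it. Treat any entry whose key, company and version cannot be matched to a record of approval as the finding described in the check.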
Additional Identifiers
Rule ID: SV-250745r799925_rule
Vulnerability ID: V-250745
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition
---|---
CCI-000366 | The organization implements the security configuration settings.
Controls
Number | Title
---|---
CM-6 | Configuration Settings