VCTR-67-000035 - vCenter Server plugins must be verified.

Information

The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, web-based functionality.

vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the vSphere Client, go to Administration >> Solutions >> Client Plug-Ins.

Click the radio button next to the unknown plug-in and click disable. Proceed to uninstall the plug-in.

To remove plug-ins:

If vCenter Server is in linked mode, perform this procedure on the vCenter Server that is used to install the plug-in initially and then restart the vCenter Server services on the linked vCenter Server.

In a web browser, navigate to http://vCenter_Server_name_or_IP/mob.

vCenter_Server_name_or_IP/mob is the name of the vCenter Server or its IP address.

Click 'Content'.

Click 'ExtensionManager'.

Select and copy the name of the plug-in to be removed from the list of values under 'Properties'.

Click 'UnregisterExtension'. A new window appears.

Paste the name of the plug-in and click 'Invoke Method'. This removes the plug-in.

Close the window.

Refresh the 'Managed Object Type:ManagedObjectReference:ExtensionManager' window to verify that the plug-in is removed successfully.

Note: If the plug-in still appears, restart the vSphere Client.

Note: Enable the Managed Object Browser (MOB) temporarily if it was previously disabled.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-243097r879887_rule, STIG-ID|VCTR-67-000035, Vuln-ID|V-243097

Plugin: VMware

Control ID: bc26d45b6d76d2e4c12e161ca30e8bc68c82128c421cd6e819c54ebb67863b1c