DISA STIG VMware ESXi VCenter 5 STIG V2R1

VCENTER-000029 – vSphere Client plugins must be verified.

Details

The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, Web-based functionality. vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system.

Solution

Disable/remove all listed plug-ins that cannot be verified as distributed from trusted sources:
From the vSphere client, connect to the vCenter server.
On the menu bar, go to ‘Plug-ins >> Manage Plug-ins’.
Under Installed Plug-ins, right-click the plug-in of choice and select Disable.
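
The following is an added example, not part of the STIG text or VMware's own code: one way to support the verification step by comparing the extensions registered with vCenter against a site-approved list in PowerShell. It assumes the plug-ins of interest are registered with vCenter's ExtensionManager; the approved key, the sample records and the function name `Get-UnverifiedExtension` are constructed for illustration.

```powershell
# Added example: flag vCenter extensions that are not on a site-approved list.
# The approved key and the sample records below are constructed for illustration.
$ApprovedKeys = @(
    'com.example.approved.plugin'   # hypothetical: keys verified as coming from trusted sources
)

function Get-UnverifiedExtension {
    param(
        [Parameter(Mandatory)] [object[]] $Extension,   # objects shaped like vim.Extension
        [Parameter(Mandatory)] [string[]] $Approved
    )
    foreach ($ext in $Extension) {
        if ($Approved -notcontains $ext.Key) {
            # An extension may register several client entries; collect every URL.
            $urls = @($ext.Client | Where-Object { $_ } | ForEach-Object { $_.Url })
            [pscustomobject]@{
                Key        = $ext.Key
                Company    = $ext.Company
                Version    = $ext.Version
                HasClient  = ($urls.Count -gt 0)   # true when a client plug-in is registered
                ClientUrls = $urls -join ', '
            }
        }
    }
}

# Constructed sample inventory using the same property names as vim.Extension.
$sample = @(
    [pscustomobject]@{ Key = 'com.example.approved.plugin'; Company = 'Example Corp'; Version = '1.0'
                       Client = @([pscustomobject]@{ Url = 'https://vc.example.test/approved.zip' }) },
    [pscustomobject]@{ Key = 'com.example.unknown.addon'; Company = ''; Version = '0.1'
                       Client = @([pscustomobject]@{ Url = 'http://198.51.100.10/addon.zip' }) }
)

# Live data, in a PowerCLI session already connected with Connect-VIServer:
#   $sample = (Get-View ExtensionManager).ExtensionList
Get-UnverifiedExtension -Extension $sample -Approved $ApprovedKeys | Format-Table -AutoSize
```

Each row returned is a plug-in to verify or disable through the Manage Plug-ins dialog described in the steps above.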

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: VMware.

Updated on July 16, 2022