Details

If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can then use this information to plan an attack.

Solution

To disable SNMP, run the following command from a PowerCLI command prompt while connected to the ESXi Host:

Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false

or

From a console or ssh session, run the follow command:

esxcli system snmp set -e no

To configure SNMP for v3 targets, use the ‘esxcli system snmp set’ command set.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

• 800-53|CM-6b.
• CAT|II
• CCI|CCI-000366
• Rule-ID|SV-239307r674850_rule
• STIG-ID|ESXI-67-000053
• STIG-Legacy|SV-104139
• STIG-Legacy|V-94053
• Vuln-ID|V-239307

Source

• Tenable.com/audits