Details
The managed object browser provides a way to explore the object model used by vCenter to manage the vSphere environment; it also allows configurations to be changed. This interface is used primarily for debugging, and could be used to perform malicious configuration changes or actions.
NOTE: Please review the benchmark to ensure target compliance.
Solution
If the datastore browser is enabled and required for object maintenance, no fix is immediately required.
Disable the managed object browser:
Determine the location of the vpxd.cfg file on the Windows host.
Edit the file and locate the
Ensure the following element is set.
Restart the vCenter Service to ensure the configuration file change(s) are in effect.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: VMware.
References
- 800-53|CM-6b.
- CAT|III
- CCI|CCI-000366
- Group-ID|V-39547
- Rule-ID|SV-250729r799877_rule
- STIG-ID|VCENTER-000007
- STIG-Legacy|SV-51405
- STIG-Legacy|V-39547
- Vuln-ID|V-250729