STIGQter: STIG Summary: VMware vSphere 6.7 Virtual Machine Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 09 Mar 2021

Unauthorized CD/DVD devices must be disconnected on the virtual machine.

DISA Rule

SV-239340r679569_rule

Vulnerability Number

V-239340

Group Title

SRG-OS-000480-VMM-002000

Rule Version

VMCH-67-000009

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Web Client, right-click the Virtual Machine and go to Edit Settings. Select the CD/DVD drive, uncheck "Connected" and "Connect at power on", and remove any attached ISOs.

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:

Get-VM "VM Name" | Get-CDDrive | Set-CDDrive -NoMedia

Check Contents

From the vSphere Web Client, right-click the Virtual Machine and go to Edit Settings. Review the VM's hardware and verify no CD/DVD drives are connected.

or

From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command:

Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent,Name

If a virtual machine has a CD/DVD drive connected other than temporarily, this is a finding.
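
The check command above reports only drives that are connected right now, while the fix text also clears "Connect at power on" and attached ISOs. The following added example (not part of the STIG or of STIGQter) reports all three conditions per drive and can optionally apply the fix command from this page. It assumes VMware PowerCLI with an existing Connect-VIServer session; the function name Get-CDDriveFinding and its parameters are hypothetical.

```powershell
# Added example: audit CD/DVD drives for VMCH-67-000009, optional remediation.
# Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
# Get-CDDriveFinding and its parameters are hypothetical names for this sketch.
function Get-CDDriveFinding {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # VM name or wildcard pattern; defaults to every VM in the session.
        [string]$Name = '*',
        # When set, run the page's fix command against each flagged drive.
        [switch]$Remediate
    )

    foreach ($drive in (Get-VM -Name $Name | Get-CDDrive)) {
        $state = $drive.ConnectionState

        # Collect every condition the Fix Recommendation says to clear.
        $reasons = @()
        if ($state.Connected)      { $reasons += 'Connected' }
        if ($state.StartConnected) { $reasons += 'ConnectAtPowerOn' }
        if ($drive.IsoPath -or $drive.HostDevice -or $drive.RemoteDevice) {
            $reasons += 'MediaAttached'
        }
        if ($reasons.Count -eq 0) { continue }

        # One row per flagged drive; a reviewer still has to decide whether
        # the connection is temporary, which the rule permits.
        [pscustomobject]@{
            VM      = $drive.Parent.Name
            Drive   = $drive.Name
            Reasons = $reasons -join ','
            IsoPath = $drive.IsoPath
        }

        $target = "$($drive.Parent.Name) / $($drive.Name)"
        if ($Remediate -and $PSCmdlet.ShouldProcess($target, 'Set-CDDrive -NoMedia')) {
            # Same command as the Fix Recommendation, scoped to this drive.
            $drive | Set-CDDrive -NoMedia -Confirm:$false | Out-Null
        }
    }
}

# Report only:
Get-CDDriveFinding | Format-Table -AutoSize
# Preview what remediation would change without applying it:
# Get-CDDriveFinding -Remediate -WhatIf
```

Re-run the report after remediation; any drive still listed with ConnectAtPowerOn needs that box unchecked in Edit Settings, as the fix text describes.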

Documentable

False

Check Content Reference

M

Target Key

5327
