The ESXi host OpenSLP service must be disabled.
An XCCDF Rule
Description
<VulnDiscussion>OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved. Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-256435r886086_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
From the vSphere Client go to Hosts and Clusters.
Select the ESXi Host >> Configure >> System >> Services.
Select the "slpd" service. If the service is started, click "Stop".