Host Guest File System (HGFS) file transfers must be disabled on the virtual machine (VM).
An XCCDF Rule
Description
<VulnDiscussion>Setting "isolation.tools.hgfsServerSet.disable" to "true" disables registration of the guest's HGFS server with the host. Application Programming Interfaces (APIs) that use HGFS to transfer files to and from the guest operating system, such as some VIX commands, will not function. An attacker could use this to transfer files inside the guest operating system.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-256456r886411_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
From the vSphere Client, right-click the Virtual Machine and go to Edit Settings >> VM Options >> Advanced >> Configuration Parameters >> Edit Configuration.
Find the "isolation.tools.hgfsServerSet.disable" value and set it to "true".
If the setting does not exist, add the Name and Value setting at the bottom of screen.