vCenter Server plugins must be verified.

An XCCDF Rule

Description

<VulnDiscussion>The vCenter Server includes a vSphere Client extensibility framework, which provides the ability to extend the vSphere Client with menu selections or toolbar icons that provide access to vCenter Server add-on components or external, web-based functionality. vSphere Client plugins or extensions run at the same privilege level as the user. Malicious extensions might masquerade as useful add-ons while compromising the system by stealing credentials or incorrectly configuring the system. Additionally, vCenter comes with a number of plugins preinstalled that may or may not be necessary for proper operation.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258908r934382_rule
Severity: Medium
References: CCI-000381
Updated: 17 days ago

From the vSphere Client, go to Administration >> Solutions >> Client Plug-Ins, click the radio button next to the unknown plug-in, and click "Disable".

If the plugin will not be needed in the future, proceed to uninstall the plug-in.

To uninstall plug-ins, do the following:
If vCenter Server is in linked mode, perform this procedure on the vCenter Server that is used to install the plug-in initially and then restart the vCenter Server services on the linked vCenter Server:

In a web browser, navigate to "http://vCenter_Server_name_or_IP/mob", where "vCenter_Server_name_or_IP/mob" is the name of the vCenter Server or its IP address.

Click "Content".

Click "ExtensionManager".

Select and copy the name of the plug-in to be removed from the list of values under "Properties".

Click "UnregisterExtension". A new window appears.

Paste the name of the plug-in and click "Invoke Method". This removes the plug-in.

Close the window.

Refresh the Managed Object Type:ManagedObjectReference:ExtensionManager window to verify the plug-in is removed successfully.

Note: If the plug-in still appears, restart the vSphere Client.

Note: The Managed Object Browser (MOB) may have to be enabled temporarily if it was disabled previously.

vCenter Server plugins must be verified.

Description

Remediation - Manual Procedure