Virtual machines (VMs) must have paste operations disabled.
An XCCDF Rule
Description
<VulnDiscussion>Copy and paste operations are disabled by default; however, explicitly disabling this feature will enable audit controls to verify this setting is correct. Copy, paste, drag and drop, or GUI copy/paste operations between the guest operating system and the remote console could provide the means for an attacker to compromise the VM.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258705r959010_rule
- Severity
- Low
- References
- Updated
Remediation - Manual Procedure
For each virtual machine do the following:
From the vSphere Client, right-click the Virtual Machine and go to Edit Settings >> Advanced Parameters.
Find the "isolation.tools.paste.disable" value and set it to "true".