The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c.

An XCCDF Rule

Details
Profiles

Description

If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can use this information to plan an attack.

ID: SV-258767r959010_rule
Version: ESXI-80-000212
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

To disable SNMP from an ESXi shell, run the following command:

# esxcli system snmp set -e no

or
From a PowerCLI command prompt while connected to the ESXi Host:

Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false

The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c.

Description

Remediation Templates

A Manual Procedure