
Virtual machine rollbacks are performed when the virtual machine is connected to the network.


Overview

Finding ID: V-15905
Version: ESX1090
Rule ID: SV-16847r1_rule
IA Controls: ECSC-1
Severity: Low
Description
Virtual machines may be rolled back to a previous state. Rolling back a virtual machine can re-expose patched vulnerabilities, re-enable previously disabled accounts or passwords, remove the machine's log files, bring previously retired encryption keys back into use, and change firewall configurations so that vulnerabilities are exposed. A rollback can also reintroduce malicious code that had previously been removed and cause protocols to reuse TCP sequence numbers, which could allow TCP hijacking attacks.
STIG: VMware ESX 3 Policy
Date: 2016-05-03

Details

Check Text (C-16265r1_chk)
Ask the IAO/SA what process is used for virtual machine rollbacks. If no process is in use that includes disconnecting the virtual machine from the network before performing a revert to snapshot or rollback, this is a finding.
Fix Text (F-15866r1_fix)
Disconnect from the network or power off the virtual machine before rollbacks.
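
One way to enforce the power-off option of the fix text from the ESX 3 service console, as an added example that is not part of the STIG: a shell guard that refuses `vmware-cmd <cfg> revertsnapshot` unless `getstate` reports the VM as off, and re-checks the state afterwards. The function names, return codes and the `VMWARE_CMD` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guard around "revert to snapshot" on an ESX 3 service console.
# VMWARE_CMD is a hypothetical override hook so the guard can be exercised
# without a host; by default it calls the real vmware-cmd.
VMWARE_CMD=${VMWARE_CMD:-vmware-cmd}

# Print the power state ("on", "off", "suspended", ...) parsed from
# vmware-cmd output of the form "getstate() = off".
vm_state() {
    "$VMWARE_CMD" "$1" getstate 2>/dev/null | sed -n 's/^getstate() = //p'
}

# guarded_revert <path-to-.vmx>
# Return codes (chosen for this example):
#   0 reverted and still powered off   1 refused, VM was not powered off
#   2 vmware-cmd reported a failure    3 reverted, but VM is no longer off
guarded_revert() {
    cfg=$1
    state=$(vm_state "$cfg")
    if [ "$state" != "off" ]; then
        echo "REFUSED: $cfg is '${state:-unknown}'; power off before rollback" >&2
        return 1
    fi
    if ! "$VMWARE_CMD" "$cfg" revertsnapshot >/dev/null; then
        echo "ERROR: revertsnapshot failed for $cfg" >&2
        return 2
    fi
    # A snapshot that captured memory can bring the VM back in a running
    # state, so re-check before anyone reconnects it to the network.
    state=$(vm_state "$cfg")
    if [ "$state" != "off" ]; then
        echo "WARNING: $cfg is '${state:-unknown}' after revert; keep it isolated" >&2
        return 3
    fi
    echo "OK: $cfg reverted while powered off"
    return 0
}

# Stand-alone use: ./guarded_revert.sh /vmfs/volumes/<datastore>/<vm>/<vm>.vmx
if [ $# -gt 0 ]; then
    guarded_revert "$1"
fi
```

The guard covers only the power-off path of the fix; a process that instead disconnects the virtual NIC before the revert needs its own verification step.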