
Virtual machine rollbacks are performed when the virtual machine is connected to the network.


Finding ID: V-15905
Version: ESX1090
Rule ID: SV-16847r1_rule
IA Controls: ECSC-1
Severity: Low
Virtual machines may be rolled back to a previous state. Rolling back a virtual machine can re-expose patched vulnerabilities, re-enable previously disabled accounts or passwords, remove the machine's log files, bring previously retired encryption keys back into use, and change firewall settings so that vulnerabilities are exposed. Rolling back virtual machines can also reintroduce previously removed malicious code and protocols that reuse TCP sequence numbers, which could allow TCP hijacking attacks.
VMware ESX 3 Policy 2016-05-03


Check Text (C-16265r1_chk)
Ask the IAO/SA what process is used for virtual machine rollbacks. If no process is used that includes disconnecting the virtual machine from the network before performing a revert to snapshot or rollback, this is a finding.
Fix Text (F-15866r1_fix)
Disconnect the virtual machine from the network, or power it off, before performing a rollback.