Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Virtual machine rollbacks are performed when virtual machine is connected to the network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15905 | ESX1090 | SV-16847r1_rule | ECSC-1 | Low |
| Description |
|---|
| Virtual machines may be rolled back to a previous state. Rolling back a virtual machine can re-expose patched vulnerabilities, re-enable previously disabled accounts or passwords, remove log files of a machine, use previously retired encryption keys, and change firewalls to expose vulnerabilities. Rolling back virtual machines can also reintroduce malicious code, and protocols reusing TCP sequence numbers that had been previously removed, which could allow TCP hijacking attacks. |
| STIG | Date |
|---|---|
| VMware ESX 3 Policy | 2016-05-03 |
Details
| Check Text ( C-16265r1_chk ) |
|---|
| Ask the IAO/SA the process used for virtual machine rollbacks. If no process is used that includes disconnecting the virtual machine from the network before performing a revert to snapshot or rollback, this is a finding. |
| Fix Text (F-15866r1_fix) |
|---|
| Disconnect from the network or power off the virtual machine before rollbacks. |