iSCSI storage equipment is not configured with the latest patches and updates.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15790	ESX0080	SV-16729r1_rule		Medium

Description
The ESX Server does not open any ports to listen for network connections. This measure reduces the chances that an intruder can attack the ESX Server through spare ports and possibly compromise the server. However, iSCSI device vulnerabilities may exist even though the ESX Server is configured properly. If security vulnerabilities exist in the iSCSI device software, data located on the iSCSI device may be at risk. To mitigate this risk, system administrators will install all security patches provided by the storage equipment manufacturer and limit the devices connected to the iSCSI network.

Description

The ESX Server does not open any ports to listen for network connections. This measure reduces the chances that an intruder can attack the ESX Server through spare ports and possibly compromise the server. However, iSCSI device vulnerabilities may exist even though the ESX Server is configured properly. If security vulnerabilities exist in the iSCSI device software, data located on the iSCSI device may be at risk. To mitigate this risk, system administrators will install all security patches provided by the storage equipment manufacturer and limit the devices connected to the iSCSI network.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-15977r1_chk )
Validating the iSCSI device software will require the assistance of the system administrator. The system administrator will have to give you the version number of the software and validate that the software is at the latest version. If the software is not at the latest version, this is a finding.

Fix Text (F-15732r1_fix)
Install the latest patches and updates to the iSCSI device.