Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The ESXi host must disable Simple Network Management Protocol (SNMP) v1 and v2c.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-258767 | ESXI-80-000212 | SV-258767r959010_rule | Medium |
| Description |
|---|
| If SNMP is not being used, it must remain disabled. If it is being used, the proper trap destination must be configured. If SNMP is not properly configured, monitoring information can be sent to a malicious host that can use this information to plan an attack. |
| STIG | Date |
|---|---|
| VMware vSphere 8.0 ESXi Security Technical Implementation Guide | 2024-07-11 |
Details
| Check Text ( C-62507r933360_chk ) |
|---|
| From an ESXi shell, run the following command: # esxcli system snmp get or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHostSnmp | Select * If SNMP is not in use and is enabled, this is a finding. If SNMP is enabled and is not using v3 targets with authentication, this is a finding. Note: SNMP v3 targets can only be viewed and configured via the "esxcli" command. |
| Fix Text (F-62416r933361_fix) |
|---|
| To disable SNMP from an ESXi shell, run the following command: # esxcli system snmp set -e no or From a PowerCLI command prompt while connected to the ESXi Host: Get-VMHostSnmp | Set-VMHostSnmp -Enabled $false |