CCE-90302-1Platform: macosx10.10 | Date: (C)2015-06-23 (M)2022-10-10 |
Disable IPv6 if Not in Use
Security appliances and firewalls are not always IPv6 aware, meaning that IPv6 traffic is frequently unfiltered and unprotected. If it is not in use, it should be disabled.
Parameter:
networksetup
Technical Mechanism:
Run the following command to check if IPv6 is enabled on any network interfaces:
sudo networksetup -listallnetworkservices | (while read dev; do echo '$dev'; networksetup -getinfo '$dev' | grep IPv6:; echo ; done)
If there is an enabled network interface without the setting 'IPv6: Off' and it does not require IPv6, this is a finding.
CCSS Severity: | CCSS Metrics: |
CCSS Score : | Attack Vector: |
Exploit Score: | Attack Complexity: |
Impact Score: | Privileges Required: |
Severity: | User Interaction: |
Vector: | Scope: |
| Confidentiality: |
| Integrity: |
| Availability: |
| |
References: Resource Id | Reference |
---|
NIST | CM-6 b |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25079 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25278 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25079 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25278 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:25079 |