Unrestricted egress traffic might lead to remote code execution
- GG_ID: GG_IAC_0002
- Severity: HIGH
- Complexity: HIGH
- Categories: NETWORK
- Providers: AWS
- Potential data exposure: False
- Visible in logs: False
- User interaction required: False
- Privileges required: False
Description#
Open egress means that the asset can download data from the whole web.
Impact#
Having open egress enables, or worsens, existing remote code execution vulnerabilities.
- The log4j vulnerability relies on having open egress to download a malicious java class from a remote host.
- An attacker with access to a basic shell could download harmful binaries.
Remediation guidelines#
Identify which remote ips the asset needs to connect to, and implement the adequate CIDR rules. Note that assets that share the same security group can always access each other.