Skip to main content

Unrestricted egress traffic might lead to remote code execution

  • GG_ID: GG_IAC_0002
  • Severity: HIGH
  • Complexity: HIGH
  • Categories: NETWORK
  • Providers: AWS
  • Potential data exposure: False
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: False


Open egress means that the asset can download data from the whole web.


Having open egress enables, or worsens, existing remote code execution vulnerabilities.

  • The log4j vulnerability relies on having open egress to download a malicious java class from a remote host.
  • An attacker with access to a basic shell could download harmful binaries.

Remediation guidelines#

Identify which remote ips the asset needs to connect to, and implement the adequate CIDR rules. Note that assets that share the same security group can always access each other.

External documentation#