Unrestricted egress traffic might lead to remote code execution
- GG_ID: GG_IAC_0016
- Severity: HIGH
- Complexity: LOW
- Categories: NETWORK
- Providers: Azure
- Potential data exposure: True
- Visible in logs: False
- User interaction required: True
- Privileges required: False
# Description
Having open egress enables, or worsens, existing remote code execution vulnerabilities.
- The Log4j vulnerability relies on having open egress to download a malicious Java class from a remote host.
- An attacker with access to a basic shell could download harmful binaries.
# Impact
- Remote code execution.
# Remediation guidelines
Identify which remote IP addresses the asset needs to connect to, and implement the appropriate CIDR rules. Note that assets in the same virtual network can always access each other.
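As an added example that is not part of this rule page, the Terraform egress rule this check flags, followed by a remediated pair of rules. The resource group, NSG name and the 203.0.113.0/24 destination are placeholder values.

```hcl
# Added example, not from the rule page. Resource names and the destination
# CIDR 203.0.113.0/24 (documentation range) are placeholders.

# Flagged: any protocol, any port, any destination. A compromised VM can reach
# arbitrary hosts. This is the "before"; do not deploy it with the rules below.
resource "azurerm_network_security_rule" "egress_open" {
  name                        = "allow-all-outbound"
  priority                    = 100
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "rg-example"
  network_security_group_name = "nsg-app"
}

# Remediated: allow only the destination CIDR and port the workload needs ...
resource "azurerm_network_security_rule" "egress_allowed" {
  name                        = "allow-backend-https"
  priority                    = 100
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "443"
  source_address_prefix       = "*"
  destination_address_prefix  = "203.0.113.0/24"
  resource_group_name         = "rg-example"
  network_security_group_name = "nsg-app"
}

# ... and explicitly deny other Internet egress. Azure's default outbound rules
# (priority 65000 and above) still allow traffic to the VNet and to the Internet,
# so a custom Deny with a lower priority number is required. Using the "Internet"
# service tag leaves VNet-internal traffic allowed, as the note above describes.
resource "azurerm_network_security_rule" "egress_deny_internet" {
  name                        = "deny-internet-outbound"
  priority                    = 4000
  direction                   = "Outbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "*"
  destination_address_prefix  = "Internet"
  resource_group_name         = "rg-example"
  network_security_group_name = "nsg-app"
}
```

Rules are evaluated in ascending priority order, so the specific Allow at 100 matches before the Deny at 4000; anything the workload legitimately needs must be listed above the Deny.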