Unrestricted ingress traffic leave assets exposed to remote attacks
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | HIGH | Azure | NETWORK |
Description#
Having open ingress means that your asset is exposed to some hosts on the public internet.
- If credentials are required to establish a connection, it still leaves open the possibility to bruteforce the credentials, or perform Denial of Service attacks.
- If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.
Impact#
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | True | False |
- Denial of service
- Possible exploitation of existing vulnerabilities
Remediation guidelines#
Only allow private addresses in the CIDR range.