Unrestricted egress traffic might lead to remote code execution
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | HIGH | AWS | NETWORK |
Description
Open egress means that the asset is allowed to initiate outbound connections to any destination, so it can download data from anywhere on the internet.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | False | False |
Open egress enables, or worsens, existing remote code execution vulnerabilities:
- The Log4j vulnerability relies on open egress to download a malicious Java class from a remote host.
- An attacker who has obtained even a basic shell on the asset can download additional harmful binaries.
Remediation guidelines
Identify which remote IPs the asset needs to connect to, and restrict egress with CIDR rules that allow only those destinations.
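To find the security groups that still need this restriction, the following added example (not code from the original page) scans data shaped like `aws ec2 describe-security-groups` output and flags every egress rule whose destination is the whole internet; the group ids and CIDRs are constructed placeholders.

```python
"""Audit AWS security groups for open egress (any-destination outbound rules).

Input mirrors the JSON shape of `aws ec2 describe-security-groups`; the
groups below are constructed sample data with placeholder ids, not real ones.
"""
from typing import Iterable

ANY_CIDRS = {"0.0.0.0/0", "::/0"}  # IPv4 and IPv6 "whole internet"

# Constructed sample: the default allow-all egress rule next to a rule that
# only permits HTTPS to one documentation-range CIDR (TEST-NET-3).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0example01", "GroupName": "open-egress",
     "IpPermissionsEgress": [
         {"IpProtocol": "-1",                       # -1 = all protocols/ports
          "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
          "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0example02", "GroupName": "restricted-egress",
     "IpPermissionsEgress": [
         {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
          "IpRanges": [{"CidrIp": "203.0.113.0/24"}],
          "Ipv6Ranges": []}]},
]


def open_egress_rules(group: dict) -> list[str]:
    """Describe each egress rule of `group` whose destination is any address.
    Flagged regardless of port: one open port is enough to pull data from
    anywhere on the web."""
    findings = []
    for rule in group.get("IpPermissionsEgress", []):
        proto = rule.get("IpProtocol", "-1")
        ports = ("all ports" if proto == "-1"
                 else f"{rule.get('FromPort')}-{rule.get('ToPort')}")
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        findings += [f"{proto} {ports} -> {c}" for c in cidrs if c in ANY_CIDRS]
    return findings


def audit(groups: Iterable[dict]) -> dict[str, list[str]]:
    """Map GroupId -> open-egress findings, keeping only groups that have any."""
    return {g["GroupId"]: f for g in groups if (f := open_egress_rules(g))}


if __name__ == "__main__":
    for gid, rules in audit(SAMPLE_GROUPS).items():
        print(f"{gid}: unrestricted egress via {', '.join(rules)}")
```

Feed it the `SecurityGroups` list from the real CLI output to get the same report for an account; a group whose egress rules all point at specific CIDRs produces no finding.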