Unrestricted egress traffic might lead to remote code execution
Open egress means that the asset can initiate outbound connections to, and download data from, any host on the internet.
|Potential data exposure
|Visible in logs
|User interaction required
Having open egress enables, or worsens, existing remote code execution vulnerabilities.
- The Log4j vulnerability relies on having open egress to download a malicious Java class from a remote host.
- An attacker with access to a basic shell could download harmful binaries.
Identify which remote IPs the asset needs to connect to, and implement the corresponding CIDR rules.
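
One way to carry out this remediation, shown as an added example that is not part of the original page: flag egress rules that allow every destination, then collapse the destinations the asset was actually observed contacting into the smallest exact set of CIDR blocks. The rule format, rule ids and documentation-range addresses below are constructed assumptions.

```python
import ipaddress

# Constructed sample data: the rule layout and addresses are assumptions.
EGRESS_RULES = [
    {"id": "rule-a", "cidr": "0.0.0.0/0", "port": 443},
    {"id": "rule-b", "cidr": "203.0.113.0/28", "port": 443},
    {"id": "rule-c", "cidr": "::/0", "port": 80},
]
# Constructed list of destinations, e.g. extracted from outbound flow logs.
OBSERVED_DESTINATIONS = [
    "198.51.100.8", "198.51.100.9", "198.51.100.10", "198.51.100.11",
    "203.0.113.5",
]


def open_rules(rules):
    """Return ids of rules whose CIDR matches every address (prefix length 0)."""
    return [r["id"] for r in rules
            if ipaddress.ip_network(r["cidr"], strict=False).prefixlen == 0]


def minimal_cidrs(destinations):
    """Collapse destination IPs into the smallest set of exact CIDR blocks."""
    nets = [ipaddress.ip_network(d) for d in destinations]
    result = []
    # collapse_addresses() rejects mixed IPv4/IPv6 input, so handle each family.
    for version in (4, 6):
        family = [n for n in nets if n.version == version]
        result += [str(n) for n in ipaddress.collapse_addresses(family)]
    return result


def uncovered(destinations, rules):
    """Destinations reachable only through an open rule, not a scoped one."""
    scoped = [ipaddress.ip_network(r["cidr"], strict=False) for r in rules]
    scoped = [n for n in scoped if n.prefixlen != 0]
    return [d for d in destinations
            if not any(ipaddress.ip_address(d) in n for n in scoped)]


if __name__ == "__main__":
    print("open rules to remove:", open_rules(EGRESS_RULES))
    print("still need a scoped rule:", uncovered(OBSERVED_DESTINATIONS, EGRESS_RULES))
    print("candidate CIDR rules:", minimal_cidrs(OBSERVED_DESTINATIONS))
```

The output of `uncovered` is the list to review before deleting the open rules: each entry is either a destination the asset genuinely needs, which gets a scoped rule, or traffic that should not be leaving the asset at all.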