
Unrestricted egress traffic might lead to remote code execution

Severity: HIGH
Exploitability: HIGH
Providers: AWS
Categories: NETWORK

Description

Open egress means the asset's outbound network rules (in AWS, the security group or network ACL, typically through an allow-all 0.0.0.0/0 rule on every port) permit connections to any destination, so the asset can reach, and download data from, any host on the internet.

Impact

Potential data exposure: True
Visible in logs: False
User interaction required: False
Privileges required: False

Open egress is not a vulnerability on its own, but it turns remote code execution flaws that already exist on the asset into exploitable ones, or makes them more damaging, because the attacker gets a path to pull payloads and tooling onto the host.

  • Log4Shell (CVE-2021-44228) depends on the vulnerable host making outbound connections: the JNDI lookup contacts an attacker-controlled LDAP or RMI server and then fetches the malicious Java class from a remote host. With egress restricted to known destinations, that lookup never completes.
  • An attacker who has obtained even a basic shell can use the outbound access to download harmful binaries or post-exploitation tooling, open a reverse shell or command-and-control channel, and exfiltrate data from the asset.

Remediation guidelines

Inventory the remote endpoints the asset legitimately needs to reach (its own dependencies, package repositories, AWS service endpoints), then replace the allow-all outbound rule with security group egress rules scoped to those destinations' CIDR ranges and the specific protocol and port. Where the destination is an AWS service, route it through a VPC endpoint or reference the service's AWS-managed prefix list rather than a public CIDR. Since security groups are allow-only, anything without a matching rule is denied, so the allow-list should be reviewed whenever a new dependency is introduced.
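The check and the scoped replacement rules described above, as an added example (not part of this finding page or the scanner's own code). It assumes the JSON shape returned by `aws ec2 describe-security-groups` (SecurityGroups[].IpPermissionsEgress); the security groups, group IDs and CIDR ranges below are constructed sample data, and `find_open_egress` and `scoped_egress_rules` are hypothetical helper names. It runs offline with no credentials.

```python
"""Audit AWS security-group egress rules for unrestricted destinations and
build the scoped replacement rules the remediation calls for.

Hypothetical helper written for this page; it works on the JSON shape that
`aws ec2 describe-security-groups` returns (SecurityGroups[].IpPermissionsEgress)
and needs no network access or credentials.
"""
import ipaddress
from typing import Dict, List

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Constructed sample data in describe-security-groups format (not from a real account).
SAMPLE_SECURITY_GROUPS: List[Dict] = [
    {   # The default AWS egress rule: every protocol, every port, any destination.
        "GroupId": "sg-0aaaaaaaaaaaaaaaa",
        "GroupName": "app-open-egress",
        "IpPermissionsEgress": [
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": ANY_V4}],
             "Ipv6Ranges": [], "PrefixListIds": []},
        ],
    },
    {   # Scoped: HTTPS to one vendor range plus an AWS-managed prefix list.
        "GroupId": "sg-0bbbbbbbbbbbbbbbb",
        "GroupName": "app-scoped-egress",
        "IpPermissionsEgress": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "203.0.113.0/24", "Description": "vendor API"}],
             "Ipv6Ranges": [], "PrefixListIds": [{"PrefixListId": "pl-0123456789abcdef0"}]},
        ],
    },
    {   # Looks narrow (port 80 only) but the IPv6 destination is still "anywhere".
        "GroupId": "sg-0ccccccccccccccccc",
        "GroupName": "app-open-ipv6",
        "IpPermissionsEgress": [
            {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
             "Ipv6Ranges": [{"CidrIpv6": ANY_V6}], "PrefixListIds": []},
        ],
    },
]


def describe_rule(rule: Dict) -> str:
    """Human-readable protocol/port summary of one IpPermissions entry."""
    proto = rule.get("IpProtocol", "-1")
    if proto == "-1":
        return "all protocols/ports"
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    ports = str(lo) if lo == hi else f"{lo}-{hi}"
    return f"{proto}/{ports}"


def find_open_egress(security_groups: List[Dict]) -> List[Dict]:
    """Return one finding per egress rule whose destination is 0.0.0.0/0 or ::/0."""
    findings = []
    for sg in security_groups:
        for rule in sg.get("IpPermissionsEgress", []):
            open_dsts = [r["CidrIp"] for r in rule.get("IpRanges", [])
                         if r.get("CidrIp") == ANY_V4]
            open_dsts += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])
                          if r.get("CidrIpv6") == ANY_V6]
            if open_dsts:
                findings.append({
                    "GroupId": sg["GroupId"],
                    "GroupName": sg.get("GroupName", ""),
                    "Destinations": open_dsts,
                    "Rule": describe_rule(rule),
                })
    return findings


def scoped_egress_rules(allow_list: List[Dict]) -> List[Dict]:
    """Turn an allow-list of {"cidr", "port", "proto"?, "description"?} entries into
    IpPermissions entries for `aws ec2 authorize-security-group-egress --ip-permissions`.
    Refuses any-destination CIDRs so the finding cannot be reintroduced by mistake."""
    rules = []
    for entry in allow_list:
        net = ipaddress.ip_network(entry["cidr"], strict=True)  # rejects host bits set
        if net.prefixlen == 0:
            raise ValueError(f"refusing any-destination egress rule: {net}")
        range_key, cidr_key = (("IpRanges", "CidrIp") if net.version == 4
                               else ("Ipv6Ranges", "CidrIpv6"))
        rng = {cidr_key: str(net)}
        if entry.get("description"):
            rng["Description"] = entry["description"]
        rules.append({
            "IpProtocol": entry.get("proto", "tcp"),
            "FromPort": entry["port"],
            "ToPort": entry["port"],
            range_key: [rng],
        })
    return rules


if __name__ == "__main__":
    for f in find_open_egress(SAMPLE_SECURITY_GROUPS):
        print(f"{f['GroupId']} ({f['GroupName']}): {f['Rule']} -> {', '.join(f['Destinations'])}")
    print(scoped_egress_rules([{"cidr": "203.0.113.0/24", "port": 443, "description": "vendor API"}]))
```

The third sample group is the case worth remembering: limiting the port does not close the finding while the destination is still `::/0`, so the audit checks both the IPv4 and the IPv6 ranges of every rule. The output of `scoped_egress_rules` is the `--ip-permissions` payload for `authorize-security-group-egress`; the allow-all rule itself still has to be revoked separately, and the audit does not cover network ACLs or rules that reference other security groups.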

References
