Unrestricted ingress traffic leaves assets exposed to remote attacks

Severity: HIGH
Exploitability: HIGH
Providers: AWS
Categories: NETWORK

Description

A security group allows ingress from all IP addresses on all ports. This means that the assets in this security group are exposed to the entire internet.

Furthermore, no port range is specified. This means that applications running on assets in this security group may be reachable by external traffic even though they are not expected to be.

Impact

Potential data exposure: True
Visible in logs: True
User interaction required: False
Privileges required: False

Having open ingress means anyone can try to connect to the asset.

  • If credentials are required to establish a connection, it is still possible to brute-force the credentials or to perform Denial of Service attacks.

  • If no credentials are required, or credentials have been acquired by an attacker, then the asset is fully compromised.

Remediation guidelines

Identify which remote IPs need to connect to the asset, and implement the appropriate CIDR rules.
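
To locate the rules this finding describes before narrowing them, the following added example (not part of the original page) scans JSON in the shape returned by `aws ec2 describe-security-groups` and reports rules open to every address on every port. It goes slightly beyond the page by also flagging TCP/UDP rules spanning ports 0-65535; the group IDs and sample data are constructed.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-security-groups` JSON output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0example0000000001", "IpPermissions": [
        {"IpProtocol": "-1",  # all protocols, so no port range exists
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0example0000000002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example0000000003", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example0000000004", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}


def is_any_address(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0 matches every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def covers_all_ports(perm):
    """True when the rule places no effective limit on destination ports."""
    if perm.get("IpProtocol") == "-1":
        return True
    return (perm.get("IpProtocol") in ("tcp", "udp")
            and perm.get("FromPort") == 0 and perm.get("ToPort") == 65535)


def find_unrestricted_ingress(doc):
    """Return (group id, protocol, open CIDRs) for each all-IP, all-port rule."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            open_cidrs = [c for c in cidrs if is_any_address(c)]
            if open_cidrs and covers_all_ports(perm):
                findings.append((sg["GroupId"], perm["IpProtocol"], open_cidrs))
    return findings


if __name__ == "__main__":
    for group_id, proto, cidrs in find_unrestricted_ingress(SAMPLE):
        print(f"{group_id}: protocol {proto} open to {', '.join(cidrs)}")
```

The group that exposes only port 443 to the world and the group that opens all ports to a single /24 are not reported, since neither combines all addresses with all ports.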
