Some internal services might be listening to remote requests
Severity | Exploitability | Providers | Categories |
---|---|---|---|
HIGH | HIGH | AWS | NETWORK |
Description
An ingress rule of a security group does not specify a port range. As a result, applications running on assets in this security group may be reachable by external traffic even though they are not expected to be.
Impact
Potential data exposure | Visible in logs | User interaction required | Privileges required |
---|---|---|---|
True | False | False | False |
Potential exposure of applications that are not supposed to be listening to external traffic.
Remediation guidelines
Identify which ports need to be exposed to external traffic, and open only those ports.
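
To find the rules that need narrowing, the check below walks security group data and flags every ingress rule that leaves the port range open. It is an added example, not the scanner's own rule logic; it assumes input in the shape returned by `aws ec2 describe-security-groups`, and the group IDs and CIDRs in the sample are constructed.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc", "IpPermissions": [
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

def has_no_port_range(perm):
    """True when the ingress rule does not narrow the reachable ports."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, which implies all ports
        return True
    if proto in ("tcp", "udp"):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        # A missing bound or the full 0-65535 span both mean "every port".
        return lo is None or hi is None or (lo <= 0 and hi >= 65535)
    return False  # ICMP and other protocols carry no port numbers

def sources(perm):
    """CIDR sources the rule admits (IPv4 and IPv6); group-to-group sources are not listed."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return v4 + v6

def find_unrestricted_ingress(doc):
    """Return (group id, protocol, sources) for each rule lacking a port range."""
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            if has_no_port_range(perm):
                findings.append((sg["GroupId"], perm["IpProtocol"], sources(perm)))
    return findings

if __name__ == "__main__":
    for group, proto, srcs in find_unrestricted_ingress(SAMPLE):
        print(f"{group}: protocol {proto} open on all ports from {srcs or 'non-CIDR sources'}")
```

Each flagged rule should be replaced with rules that name only the ports identified as needing external exposure.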