Traffic to /0 allowed in firewall outbound rule

| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| CRITICAL | HIGH | Google Cloud Provider | NETWORK |
Description
Firewall egress filtering dictates which traffic initiated inside the local network and destined for a remote network is allowed.
By allowing traffic to /0, all outgoing traffic is authorized. This includes protocols that should never be allowed to leave a local network, as well as traffic using unplanned ports.
In general, it is good practice to avoid very broad network subnets in firewall rules.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | True | False | False |
- Information leaks.
- Unauthorized application usage.
- Compromised instances.
Remediation guidelines
Define a more restrictive firewall egress rule. A log review for exfiltrated data may be relevant.
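The following check, added here as an example and not part of the original rule page, flags egress allow rules whose destination is a /0 range. It reads the JSON shape produced by `gcloud compute firewall-rules list --format=json`; the rule names and ranges in `SAMPLE_RULES_JSON` are constructed, and the CRITICAL/MEDIUM split between "all ports" and "specific ports" is this example's own heuristic.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
# (only the fields the check uses; rule names and ranges are made up for this example).
SAMPLE_RULES_JSON = """
[
  {"name": "allow-all-egress", "direction": "EGRESS", "priority": 1000,
   "destinationRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
  {"name": "allow-https-egress-to-api", "direction": "EGRESS", "priority": 900,
   "destinationRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
  {"name": "allow-https-egress-anywhere", "direction": "EGRESS", "priority": 900,
   "destinationRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
  {"name": "deny-all-egress", "direction": "EGRESS", "priority": 65534,
   "destinationRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "all"}]},
  {"name": "allow-ssh-ingress", "direction": "INGRESS", "priority": 1000,
   "sourceRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]
"""

def is_any_destination(cidr: str) -> bool:
    """True for a /0 destination (0.0.0.0/0 or ::/0), i.e. 'anywhere'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def broad_egress_rules(rules):
    """Return (name, severity) for enabled EGRESS allow rules with a /0 destination.
    Deny rules are skipped: a low-priority deny-all egress rule paired with targeted
    allow rules is the restrictive pattern the remediation asks for, not the finding."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "EGRESS" or rule.get("disabled"):
            continue
        if not rule.get("allowed"):
            continue
        if not any(is_any_destination(c) for c in rule.get("destinationRanges", [])):
            continue
        # 'all' protocols, or tcp/udp without a port list, means no port restriction at all.
        unrestricted = any(
            a.get("IPProtocol", "").lower() == "all"
            or (a.get("IPProtocol", "").lower() in ("tcp", "udp") and not a.get("ports"))
            for a in rule["allowed"])
        findings.append((rule["name"], "CRITICAL" if unrestricted else "MEDIUM"))
    return findings

def scan_json(rules_json: str):
    """Parse gcloud-style JSON output and run the check over it."""
    return broad_egress_rules(json.loads(rules_json))

if __name__ == "__main__":
    for name, severity in scan_json(SAMPLE_RULES_JSON):
        print(f"{severity}: egress rule {name!r} allows traffic to /0")
```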