AWS Admin Ports Open
Description
Detects AWS EC2 security groups that allow unrestricted inbound access (0.0.0.0/0) to administrative ports. This poses a critical security risk by potentially exposing management interfaces like RDP or SSH to the entire internet, making EC2 instances vulnerable to unauthorized access attempts.
Detection Strategy
• Evaluates each security group's inbound rules (IpPermissions)
• Flags security groups that have port rules (FromPort/ToPort) allowing access from 0.0.0.0/0
• Reports a vulnerability if administrative ports (like 22, 3389, 23) are accessible from any IP address
• Examines both IPv4 (IpRanges) and IPv6 (Ipv6Ranges) permissions for unrestricted access patterns
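One way to implement the checks listed above, as an added example (not the scanner's own code). It assumes input shaped like the `SecurityGroups` list returned by EC2 `describe-security-groups`, treats only the three ports the page names as administrative, and considers only TCP and all-protocol (`-1`) rules. The group IDs and rules in the sample are constructed.

```python
import ipaddress

ADMIN_PORTS = {22, 23, 3389}  # assumption: the example ports named on the page

def is_unrestricted(cidr):
    """True for 0.0.0.0/0 and ::/0 (any address, IPv4 or IPv6)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except (ValueError, TypeError):
        return False

def exposed_admin_ports(permission):
    """Admin ports that one IpPermissions entry opens to any address."""
    cidrs = [r.get("CidrIp") for r in permission.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in permission.get("Ipv6Ranges", [])]
    if not any(is_unrestricted(c) for c in cidrs):
        return set()
    proto = permission.get("IpProtocol")
    if proto == "-1":  # all protocols and ports; FromPort/ToPort are omitted
        return set(ADMIN_PORTS)
    lo, hi = permission.get("FromPort"), permission.get("ToPort")
    if proto != "tcp" or lo is None or hi is None:
        return set()
    # A range such as 0-65535 exposes every admin port it contains.
    return {p for p in ADMIN_PORTS if lo <= p <= hi}

def find_open_admin_groups(security_groups):
    """Map GroupId -> sorted admin ports reachable from any address."""
    findings = {}
    for sg in security_groups:
        ports = set()
        for perm in sg.get("IpPermissions", []):
            ports |= exposed_admin_ports(perm)
        if ports:
            findings[sg["GroupId"]] = sorted(ports)
    return findings

# Constructed sample data, not taken from a real account.
SAMPLE_GROUPS = [
    {"GroupId": "sg-sample-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-sample-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-sample-v6-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-sample-all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]
```

The port-range and `-1` branches matter in practice: a rule never has to name port 22 explicitly to expose it.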