Azure Dangerous Ports Access
Description
Detects Azure Network Security Group (NSG) rules that allow inbound traffic to dangerous ports from broad source IP ranges. This configuration could expose sensitive services to unauthorized access from the internet, potentially enabling attackers to exploit vulnerable services.
Detection Strategy
• Rule direction must be 'Inbound'
• Rule access must be 'Allow'
• Protocol must be either 'TCP' or '*' (all protocols)
• Source address prefixes include overly permissive ranges (like 0.0.0.0/0 or '*')
• Destination port ranges include sensitive ports commonly targeted by attackers
Severity v4.0
1.3
Low
Method ID
CSPM-5RCSR
Technique
CSPM
Target
AZURE
Technology
NETWORK_SECURITY_GROUP
CWE ID(s)
CWE-1327Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan.If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.