Azure RPC Unrestricted Access
Description
Detects Azure Network Security Groups (NSGs) that allow unrestricted access to RPC port 135 from any IP address. Unrestricted RPC access could enable attackers to remotely execute malicious code or exploit vulnerabilities in the RPC service, potentially compromising the affected systems.
Detection Strategy
• Examines each security rule in Azure Network Security Groups
• Reports a vulnerability when a rule allows inbound traffic to port 135 (RPC) from any source IP address ('*' or '0.0.0.0/0')
• Checks both TCP protocol and wildcard (*) protocol rules that could allow RPC access
• Considers both source_address_prefix and source_address_prefixes fields in NSG rules
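The checks listed above, written out as a Python function and run over constructed rules. This is an added example, not the scanner's own code: the access, direction, protocol, destination_port_range and destination_port_ranges fields are assumed to follow the Terraform azurerm rule schema. Matching port ranges or '*' that contain 135 generalizes the single-port case described above.

```python
# Added example; field names other than source_address_prefix(es) are assumptions.
ANY_SOURCE = {"*", "0.0.0.0/0"}
RPC_PORT = 135

def _as_list(rule, single, plural):
    """Merge the singular and plural forms of an NSG field into one list."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return [str(v).strip() for v in values]

def _covers_rpc(port_spec):
    """True if a port spec ('135', '100-200', '*') includes port 135."""
    if port_spec == "*":
        return True
    low, _, high = port_spec.partition("-")
    try:
        return int(low) <= RPC_PORT <= int(high or low)
    except ValueError:
        return False

def exposes_rpc(rule):
    """True when the rule allows inbound TCP/any-protocol 135 from any source."""
    if rule.get("access", "").lower() != "allow" or rule.get("direction", "").lower() != "inbound":
        return False
    if rule.get("protocol", "").lower() not in {"tcp", "*"}:
        return False
    sources = _as_list(rule, "source_address_prefix", "source_address_prefixes")
    ports = _as_list(rule, "destination_port_range", "destination_port_ranges")
    return any(s in ANY_SOURCE for s in sources) and any(_covers_rpc(p) for p in ports)

# Constructed sample rules, not taken from a real environment.
SAMPLE_RULES = [
    {"name": "rpc-open", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
     "source_address_prefix": "*", "destination_port_range": "135"},
    {"name": "range-open", "access": "Allow", "direction": "Inbound", "protocol": "*",
     "source_address_prefixes": ["10.0.0.0/8", "0.0.0.0/0"],
     "destination_port_ranges": ["22", "100-200"]},
    {"name": "rpc-internal", "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
     "source_address_prefix": "10.1.0.0/16", "destination_port_range": "135"},
    {"name": "rpc-udp", "access": "Allow", "direction": "Inbound", "protocol": "Udp",
     "source_address_prefix": "*", "destination_port_range": "135"},
]

def find_exposed(rules):
    """Names of the rules that would be reported."""
    return [r["name"] for r in rules if exposes_rpc(r)]
```

Restricting the source prefix to known management ranges, as in the rpc-internal sample, clears the finding.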
Severity v4.0
1.2
Low
Method ID
CSPM-AAN1Z
Technique
CSPM
Target
AZURE
Technology
NETWORK_SECURITY_GROUP
CWE ID(s)
CWE-1327