Azure Icmp Ingress Not Restricted

Description

Detects Azure Network Security Group rules that allow unrestricted inbound ICMP (ping) traffic from overly permissive source ranges. This configuration could enable network scanning and reconnaissance attacks by allowing ping requests from any source.

Detection Strategy

- Scans Network Security Group inbound rules for ICMP protocol or wildcard (*) protocol settings
- Checks if the source address prefix/prefixes include overly permissive ranges like '0.0.0.0/0', '*', 'Internet', or 'Any'
- Reports a vulnerability when an NSG rule allows ICMP traffic from unrestricted source IP ranges
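
The three checks above, applied to NSG rules in the ARM JSON shape, as an added example that is not the scanner's own code. The field names (`protocol`, `direction`, `access`, `sourceAddressPrefix`, `sourceAddressPrefixes`) are Azure's; the sample NSG, its rule names and the `make_rule` helper are constructed for illustration. It assumes only `Allow` rules count and does not evaluate rule priority.

```python
# Added example: the three detection steps applied to NSG rules in ARM JSON shape.
OPEN_SOURCES = {"0.0.0.0/0", "*", "internet", "any"}   # values listed on the page
ICMP_PROTOCOLS = {"icmp", "*"}                          # explicit ICMP or wildcard

def rule_sources(props):
    """Merge the singular and plural source prefix fields of one rule."""
    sources = list(props.get("sourceAddressPrefixes") or [])
    if props.get("sourceAddressPrefix"):
        sources.append(props["sourceAddressPrefix"])
    return sources

def is_open_icmp_ingress(rule):
    """True when an inbound allow rule admits ICMP from an unrestricted source."""
    props = rule.get("properties", {})
    if str(props.get("direction", "")).lower() != "inbound":
        return False
    if str(props.get("access", "")).lower() != "allow":
        return False
    if str(props.get("protocol", "")).lower() not in ICMP_PROTOCOLS:
        return False
    return any(s.strip().lower() in OPEN_SOURCES for s in rule_sources(props))

def find_open_icmp_rules(nsg):
    """Return the names of offending rules, in the order they appear."""
    rules = nsg.get("properties", {}).get("securityRules", [])
    return [r.get("name", "<unnamed>") for r in rules if is_open_icmp_ingress(r)]

def make_rule(name, protocol, direction, access, prefix=None, prefixes=None):
    # Hypothetical helper used only to build the constructed sample below.
    return {"name": name, "properties": {
        "protocol": protocol, "direction": direction, "access": access,
        "sourceAddressPrefix": prefix, "sourceAddressPrefixes": prefixes or []}}

# Constructed sample NSG; rule names and address ranges are made up.
SAMPLE_NSG = {"name": "example-nsg", "properties": {"securityRules": [
    make_rule("allow-ping-any", "Icmp", "Inbound", "Allow", prefix="*"),
    make_rule("allow-all-internet", "*", "Inbound", "Allow", prefix="Internet"),
    make_rule("allow-ping-mgmt", "Icmp", "Inbound", "Allow", prefixes=["10.0.0.0/24"]),
    make_rule("allow-ping-mixed", "Icmp", "Inbound", "Allow",
              prefixes=["10.0.0.0/24", "0.0.0.0/0"]),
    make_rule("deny-ping", "Icmp", "Inbound", "Deny", prefix="*"),
    make_rule("allow-https", "Tcp", "Inbound", "Allow", prefix="*"),
    make_rule("egress-ping", "Icmp", "Outbound", "Allow", prefix="*"),
]}}

if __name__ == "__main__":
    for name in find_open_icmp_rules(SAMPLE_NSG):
        print("unrestricted ICMP ingress:", name)
```

A rule that mixes a restricted range with an open one in `sourceAddressPrefixes` is still flagged, because one unrestricted entry is enough to admit ICMP from any source.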

Severity v4.0

0.6

Low

Method ID

CSPM-DCCNY

Technique

CSPM

Target

AZURE

Technology

NETWORK_SECURITY_GROUP

CWE ID(s)

CWE-1327