AWS Unrestricted IP Protocols
Description
Detects AWS EC2 security groups configured to allow unrestricted IP protocols (all protocols) in their inbound or outbound rules. This configuration creates an overly permissive network access policy that could allow malicious traffic across any protocol.
Detection Strategy
• Scans EC2 security group inbound rules (IpPermissions) for any rule with IpProtocol set to '-1' or -1
• Scans EC2 security group outbound rules (IpPermissionsEgress) for any rule with IpProtocol set to '-1' or -1
• Reports a vulnerability for each security group that has unrestricted protocol rules in either direction
• Captures the port range (FromPort, ToPort) and protocol settings as evidence in the vulnerability report
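The detection strategy above, written out as an added example (not Fluid Attacks' own scanner code): a pure-Python check over data in the shape of boto3's ec2.describe_security_groups() response, run here against a constructed sample of three security groups. It also handles a detail the strategy leaves implicit: AWS omits FromPort/ToPort on rules whose IpProtocol is -1, so the evidence records None for those fields instead of failing.

```python
"""Flag EC2 security group rules whose IpProtocol is -1 (every protocol).

Added example, not Fluid Attacks' scanner. Input follows the shape of boto3's
ec2.describe_security_groups()["SecurityGroups"]; the sample is constructed.
"""

# Constructed sample: "web" has an all-protocol egress rule, "db" is clean, and
# "legacy" has an all-protocol ingress rule encoded as an integer.
# AWS omits FromPort/ToPort when IpProtocol is "-1".
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0web", "GroupName": "web",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0db", "GroupName": "db",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                        "UserIdGroupPairs": [{"GroupId": "sg-0web"}]}],
     "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0legacy", "GroupName": "legacy",
     "IpPermissions": [{"IpProtocol": -1, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
     "IpPermissionsEgress": []},
]


def is_all_protocols(rule):
    """True when IpProtocol is -1, whether the API returned a string or an int."""
    return str(rule.get("IpProtocol")) == "-1"


def find_unrestricted_protocol_rules(security_groups):
    """Return one evidence record per all-protocol rule, inbound or outbound."""
    findings = []
    for group in security_groups:
        for direction, key in (("inbound", "IpPermissions"),
                               ("outbound", "IpPermissionsEgress")):
            for rule in group.get(key, []):
                if not is_all_protocols(rule):
                    continue
                findings.append({
                    "group_id": group["GroupId"],
                    "direction": direction,
                    "protocol": rule.get("IpProtocol"),
                    # Port fields are absent for -1; record None, don't KeyError.
                    "from_port": rule.get("FromPort"),
                    "to_port": rule.get("ToPort"),
                    "sources": [r["CidrIp"] for r in rule.get("IpRanges", [])],
                })
    return findings
```

Against the sample this reports two findings (the web group's outbound rule and the legacy group's inbound rule) and nothing for the db group, whose rules are protocol- and port-scoped.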