Fluid Attacks Database

Description

Detects Azure Network Security Group rules that allow unrestricted UDP access from any source IP address (0.0.0.0/0 or *). Such configurations can expose cloud resources to UDP-based attacks, DoS attacks, and unauthorized access from the internet.

Weakness:

157 - Unrestricted access between network segments

Category: Access Subversion

Detection Strategy

• Identifies security rules in Azure Network Security Groups that allow UDP protocol access

• Checks if the source address prefix or prefixes in the rule are set to allow access from any IP (0.0.0.0/0, *, Internet, or any)

• Reports a vulnerability if both conditions are met: UDP protocol is allowed AND source is unrestricted

Free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.