Aws Insecure Port Ranges
Description
Detects security group rules that specify wide port ranges instead of specific ports in AWS EC2 security groups. Having broad port ranges increases the attack surface by potentially exposing unnecessary ports to network access, which violates the principle of least privilege and could allow unauthorized access to EC2 instances.
Detection Strategy
• Scans all security group rules in the specified AWS region
• Reports a vulnerability when a security group rule has different 'FromPort' and 'ToPort' values, indicating a port range rather than a single port
• Each vulnerable rule is reported with its security group ID, AWS account, and the specific port range values that triggered the alert
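The detection rule described above, written out as an added Python example (not Fluid Attacks' own scanner code): it walks security group records in the shape returned by the EC2 DescribeSecurityGroups API and reports every rule whose `FromPort` and `ToPort` differ, keyed by security group ID and account. The sample groups are constructed; skipping ICMP rules (whose `FromPort`/`ToPort` are type and code, not ports) and the optional reporting of `IpProtocol` `-1` (all traffic) rules are this example's own assumptions, not behaviour the page states.

```python
"""Detect EC2 security group rules that open a port range instead of a single port."""
from typing import Any

# Constructed sample in the shape of ec2.describe_security_groups()["SecurityGroups"];
# it is not a live API response.
SAMPLE_GROUPS: list[dict[str, Any]] = [
    {
        "GroupId": "sg-0aaaaaaaaaaaaaaa1",
        "OwnerId": "111111111111",
        "IpPermissions": [
            # Single port: compliant, not reported.
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
            # Whole ephemeral range opened to the VPC: reported.
            {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
            # ICMP: FromPort/ToPort carry type/code, not ports (assumption: skipped).
            {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        ],
        "IpPermissionsEgress": [
            # All traffic: the API omits FromPort/ToPort entirely.
            {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        ],
    },
    {
        "GroupId": "sg-0bbbbbbbbbbbbbbb2",
        "OwnerId": "111111111111",
        "IpPermissions": [
            # Narrow range, but still a range: reported.
            {"IpProtocol": "udp", "FromPort": 5000, "ToPort": 5010,
             "UserIdGroupPairs": [{"GroupId": "sg-0aaaaaaaaaaaaaaa1"}]},
        ],
        "IpPermissionsEgress": [],
    },
]

# Protocols for which FromPort/ToPort are real L4 ports (names and IANA numbers).
PORT_PROTOCOLS = {"tcp", "udp", "6", "17"}


def _sources(rule: dict[str, Any]) -> list[str]:
    """Collect the peers a rule allows, for the report only."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            + [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])])


def find_port_ranges(groups: list[dict[str, Any]],
                     include_all_traffic: bool = True) -> list[dict[str, Any]]:
    """Return one finding per rule whose FromPort and ToPort differ.

    include_all_traffic additionally reports IpProtocol "-1" rules as the widest
    possible range (0-65535); that extends the page's FromPort != ToPort rule and
    can be switched off.
    """
    findings = []
    for group in groups:
        for direction, key in (("ingress", "IpPermissions"),
                               ("egress", "IpPermissionsEgress")):
            for rule in group.get(key, []):
                proto = str(rule.get("IpProtocol", ""))
                from_port, to_port = rule.get("FromPort"), rule.get("ToPort")
                if proto == "-1":
                    if not include_all_traffic:
                        continue
                    from_port, to_port = 0, 65535
                elif proto not in PORT_PROTOCOLS or from_port is None or to_port is None:
                    # ICMP type/code pairs and protocol-only rules have no port range.
                    continue
                elif from_port == to_port:
                    continue  # a single port is exactly what the rule should specify
                findings.append({
                    "group_id": group["GroupId"],
                    "account": group.get("OwnerId"),
                    "direction": direction,
                    "protocol": proto,
                    "from_port": from_port,
                    "to_port": to_port,
                    "port_count": to_port - from_port + 1,
                    "sources": _sources(rule),
                })
    return findings


def fetch_groups(region: str) -> list[dict[str, Any]]:
    """Pull live groups for one region with boto3 (not used by the offline sample run)."""
    import boto3  # imported lazily so the sample runs without the SDK installed
    paginator = boto3.client("ec2", region_name=region).get_paginator("describe_security_groups")
    return [g for page in paginator.paginate() for g in page["SecurityGroups"]]


if __name__ == "__main__":
    for f in find_port_ranges(SAMPLE_GROUPS):
        print(f"{f['group_id']} ({f['account']}) {f['direction']} {f['protocol']} "
              f"{f['from_port']}-{f['to_port']} ({f['port_count']} ports) from {f['sources']}")
```

Replace `SAMPLE_GROUPS` with `fetch_groups("<region>")` to run it against an account; `describe_security_groups` is regional, so the loop has to be repeated per region, which matches the page's "specified AWS region" scope.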