Azure Network Rule Unrestricted
Description
Identifies Azure Firewall network rules that allow access from dangerous or overly permissive source IP ranges (like 0.0.0.0/0). Such configurations can expose Azure resources to unauthorized access from the internet, potentially leading to security breaches.
Detection Strategy
• Examines each network rule collection within Azure Firewalls
• Checks if any network rule's source addresses include unrestricted IP ranges
• Reports a vulnerability when rules allow access from dangerous CIDR ranges like 0.0.0.0/0 or ::/0
• Includes the specific firewall ID and problematic source address configurations in the report
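The check described above, as an added example run over a constructed firewall definition (this is not Fluid Attacks' own detection code). It assumes the ARM layout of an Azure Firewall resource (networkRuleCollections, rules, sourceAddresses) and goes slightly beyond the page by also treating the "*" wildcard as unrestricted.

```python
import ipaddress

# Constructed sample shaped like an ARM Microsoft.Network/azureFirewalls
# resource; the id and rule names are placeholders, not real values.
SAMPLE_FIREWALLS = [{
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups"
          "/rg-demo/providers/Microsoft.Network/azureFirewalls/fw-demo",
    "properties": {"networkRuleCollections": [{
        "name": "allow-mgmt",
        "properties": {"rules": [
            {"name": "ssh-any", "sourceAddresses": ["0.0.0.0/0"]},
            {"name": "ssh-corp", "sourceAddresses": ["10.20.0.0/16"]},
            {"name": "v6-any", "sourceAddresses": ["10.0.0.4", "::/0"]},
        ]},
    }]},
}]


def is_unrestricted(source):
    """True when a source entry covers an entire address family."""
    source = source.strip()
    if source == "*":  # assumption: wildcard handled like 0.0.0.0/0
        return True
    try:
        # A prefix length of 0 matches every IPv4 or every IPv6 address.
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a CIDR or address; out of scope for this check


def find_unrestricted_rules(firewalls):
    """Return one finding per network rule with an unrestricted source."""
    findings = []
    for fw in firewalls:
        collections = fw.get("properties", {}).get("networkRuleCollections", [])
        for coll in collections:
            for rule in coll.get("properties", {}).get("rules", []):
                bad = [s for s in rule.get("sourceAddresses", []) if is_unrestricted(s)]
                if bad:  # report the firewall ID and the offending sources
                    findings.append({"firewall_id": fw["id"], "collection": coll.get("name"),
                                     "rule": rule.get("name"), "sources": bad})
    return findings


if __name__ == "__main__":
    for finding in find_unrestricted_rules(SAMPLE_FIREWALLS):
        print(finding)
```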