Json Yaml Security Group Unrestricted Ports
Description
Detects unrestricted port configurations in AWS EC2 security groups defined in CloudFormation templates (JSON or YAML). The vulnerability occurs when a security group rule is overly permissive: for example, it opens every port (FromPort 0 to ToPort 65535, or IpProtocol -1, which means all protocols and therefore all ports) to an unrestricted address range such as 0.0.0.0/0 or ::/0. Such a rule exposes every EC2 instance attached to the group to unauthorized access from any address on the Internet.
Detection Strategy
• Check whether the template declares AWS::EC2::SecurityGroup resources with SecurityGroupIngress or SecurityGroupEgress rules (standalone AWS::EC2::SecurityGroupIngress and AWS::EC2::SecurityGroupEgress resources carry the same properties and are checked the same way)
• Analyze each rule for an unrestricted port range (e.g. FromPort 0 to ToPort 65535, or IpProtocol -1, which covers every port of every protocol)
• Verify whether the rule allows traffic from or to an unrestricted address range (e.g. CidrIp 0.0.0.0/0 or CidrIpv6 ::/0)
• Flag rules that combine unrestricted ports with an unrestricted address range as vulnerable
Vulnerable code example
```yaml
Resources:
  VulnerableSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Insecure security group configuration
      VpcId:
        Ref: myVPC
      SecurityGroupIngress:
        # ...
```
✅ Secure code example
```yaml
Resources:
  SecureSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Secure security group configuration
      VpcId:
        Ref: myVPC
      SecurityGroupIngress:
        # ...
```
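The detection strategy above, as an added example that is not Fluid Attacks' own checker nor code from the page: a standard-library Python script that walks the JSON form of a CloudFormation template and flags every inline or standalone security group rule that combines all ports with a /0 address range. The sample template, the resource names (VulnerableSecurityGroup, SecureSecurityGroup, StandaloneIngress) and the AdminCidr parameter reference are constructed for the example. A YAML template produces the same dictionary once loaded (PyYAML plus a constructor for the !Ref/!Sub short-form tags, which is left out here to keep the example dependency-free).

```python
"""Flag CloudFormation security-group rules that open every port to any address.

Added example for this page, not Fluid Attacks' own checker. It applies the
detection strategy above to the JSON form of a template using only the
standard library.
"""
import ipaddress
import json

# Constructed sample template (not taken from the page): the first group mixes
# rules that should and should not be flagged; the second is the hardened form.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "VulnerableSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "Insecure security group configuration",
            "VpcId": {"Ref": "myVPC"},
            "SecurityGroupIngress": [
                {"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"},            # flagged
                {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                 "CidrIp": "0.0.0.0/0"},                                # flagged
                {"IpProtocol": "-1", "CidrIp": "10.0.0.0/8"},           # all ports, but a private range
                {"IpProtocol": "-1", "CidrIp": {"Ref": "AdminCidr"}},   # source unresolved at scan time
            ],
            "SecurityGroupEgress": [{"IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}],  # flagged
        },
    },
    "SecureSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {
            "GroupDescription": "Secure security group configuration",
            "VpcId": {"Ref": "myVPC"},
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "CidrIp": "10.0.0.0/16"},
            ],
        },
    },
    "StandaloneIngress": {  # same rule shape, declared as its own resource
        "Type": "AWS::EC2::SecurityGroupIngress",
        "Properties": {"GroupId": {"Ref": "VulnerableSecurityGroup"},
                       "IpProtocol": "-1", "CidrIpv6": "::/0"},         # flagged
    },
}})

MAX_PORT = 65535
GROUP_TYPE = "AWS::EC2::SecurityGroup"
RULE_TYPES = ("AWS::EC2::SecurityGroupIngress", "AWS::EC2::SecurityGroupEgress")


def _as_int(value):
    """Return a port as int, or None when absent or an unresolved intrinsic."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def ports_unrestricted(rule):
    """True when the rule covers every port: IpProtocol -1 or a 0-65535 range."""
    if str(rule.get("IpProtocol", "")).strip() == "-1":
        return True  # all protocols; AWS ignores FromPort/ToPort in that case
    low, high = _as_int(rule.get("FromPort")), _as_int(rule.get("ToPort"))
    if low is None or high is None:
        return False  # ports unresolved (e.g. a Ref): not decidable statically
    return low <= 0 and high >= MAX_PORT


def source_unrestricted(rule):
    """True when CidrIp or CidrIpv6 is a /0, i.e. any IPv4 or IPv6 address."""
    for key in ("CidrIp", "CidrIpv6"):
        cidr = rule.get(key)
        if not isinstance(cidr, str):
            continue  # missing, or an intrinsic such as {"Ref": ...}
        try:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue  # not a literal CIDR
    return False


def _iter_rules(template):
    """Yield (resource, direction, index, rule) for inline and standalone rules."""
    for name, resource in template.get("Resources", {}).items():
        props, rtype = resource.get("Properties") or {}, resource.get("Type")
        if rtype == GROUP_TYPE:
            for direction in ("SecurityGroupIngress", "SecurityGroupEgress"):
                for index, rule in enumerate(props.get(direction) or []):
                    yield name, direction, index, rule
        elif rtype in RULE_TYPES:
            yield name, rtype.rsplit("::", 1)[1], 0, props


def find_unrestricted_rules(template_text):
    """Return rules that combine all ports with an unrestricted address range."""
    return [{"resource": n, "direction": d, "index": i, "rule": r}
            for n, d, i, r in _iter_rules(json.loads(template_text))
            if ports_unrestricted(r) and source_unrestricted(r)]
```

Running `find_unrestricted_rules(SAMPLE_TEMPLATE)` reports the two wide-open ingress rules and the egress rule of VulnerableSecurityGroup plus the standalone IPv6 rule, and nothing for SecureSecurityGroup. The rule whose source is a Ref is deliberately left unflagged: a static check cannot tell what the parameter resolves to, so a production scanner would either resolve parameter defaults first or report it separately as undecidable rather than as a confirmed finding.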