Json Yaml Security Group Rfc1918 Cidr
Description
Detects AWS EC2 security group rules that use RFC 1918 private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) in their CIDR specifications. Using private IP ranges in security groups could indicate misconfiguration or overly permissive access between VPCs/networks.
Detection Strategy
• Examine ingress and egress rules in EC2 security group configurations within CloudFormation templates
• Check if any CIDR IP ranges in the rules match RFC 1918 private address spaces (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
• Report a vulnerability when security group rules use private IP ranges, as this could indicate improper network segmentation
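The detection strategy above, as an added, stand-alone example that is not Fluid Attacks' own scanner: a small Python check that walks a parsed CloudFormation template, visits inline ingress/egress rules on AWS::EC2::SecurityGroup resources as well as standalone AWS::EC2::SecurityGroupIngress/Egress resources, and reports every literal CidrIp that lies inside one of the three RFC 1918 blocks. The sample template, its resource names (PrivateEgress, LoadBalancerSG, AdminCidr) and its rules are constructed for illustration. The example reads JSON; a YAML template needs a loader that understands CloudFormation's short-form tags (!Ref, !Sub) before it can be fed to the same function.

```python
import ipaddress
import json

# The three RFC 1918 private blocks named in the rule description.
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_rfc1918(cidr):
    """True when an IPv4 CIDR (or bare address) lies entirely inside an RFC 1918 block.

    0.0.0.0/0 is deliberately not matched: it covers the private ranges but is an
    "open to the world" finding for a different rule. Non-IPv4 and unparseable
    values return False.
    """
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False
    if net.version != 4:
        return False
    return any(net.subnet_of(private) for private in RFC1918_NETWORKS)


def _rule_sets(resource):
    """Yield (direction, rules) for the resource shapes CloudFormation supports:
    inline rules on AWS::EC2::SecurityGroup and the standalone
    AWS::EC2::SecurityGroupIngress / SecurityGroupEgress resources."""
    rtype = resource.get("Type", "")
    props = resource.get("Properties") or {}
    if rtype == "AWS::EC2::SecurityGroup":
        yield "ingress", props.get("SecurityGroupIngress") or []
        yield "egress", props.get("SecurityGroupEgress") or []
    elif rtype == "AWS::EC2::SecurityGroupIngress":
        yield "ingress", [props]
    elif rtype == "AWS::EC2::SecurityGroupEgress":
        yield "egress", [props]


def find_rfc1918_rules(template):
    """Scan a parsed CloudFormation template (dict) and return a list of
    (logical_id, direction, cidr) findings for rules whose CidrIp is private."""
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        for direction, rules in _rule_sets(resource):
            for rule in rules:
                cidr = rule.get("CidrIp")
                # CidrIp may be an intrinsic function such as {"Ref": ...};
                # only literal strings can be judged statically.
                if isinstance(cidr, str) and is_rfc1918(cidr):
                    findings.append((logical_id, direction, cidr))
    return findings


# Constructed sample template: JSON form of the page's YAML skeleton with
# hypothetical rules filled in. 203.0.113.0/24 is a documentation range
# (TEST-NET-3), so it must not be reported.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "VulnerableSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Insecure security group configuration",
                "VpcId": {"Ref": "myVPC"},
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"},
                    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "CidrIp": "192.168.1.0/24"},
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "203.0.113.0/24"},
                ],
            },
        },
        "PrivateEgress": {
            "Type": "AWS::EC2::SecurityGroupEgress",
            "Properties": {
                "GroupId": {"Ref": "VulnerableSecurityGroup"},
                "IpProtocol": "-1",
                "CidrIp": "172.16.0.0/12",
            },
        },
        "SecureSecurityGroup": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "Secure security group configuration",
                "VpcId": {"Ref": "myVPC"},
                "SecurityGroupIngress": [
                    # Source is another security group, not a CIDR: not reported.
                    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                     "SourceSecurityGroupId": {"Ref": "LoadBalancerSG"}},
                    # CIDR comes from a parameter: cannot be judged statically.
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": {"Ref": "AdminCidr"}},
                ],
            },
        },
    },
})


def scan_sample():
    """Run the detector over the constructed sample template."""
    return find_rfc1918_rules(json.loads(SAMPLE_TEMPLATE))


if __name__ == "__main__":
    for logical_id, direction, cidr in scan_sample():
        print(f"{logical_id}: {direction} rule uses RFC 1918 range {cidr}")
```

Two design points worth noting. The match is "subnet of", not "overlaps": 0.0.0.0/0 overlaps every private block but is a separate, more severe finding, and reporting it here would double-count. And a CidrIp that is a Ref or other intrinsic function is skipped rather than flagged, which is the honest answer for a static template check; resolving it needs the parameter values at deploy time.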
Vulnerable code example
Resources:
  VulnerableSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Insecure security group configuration
      VpcId:
        Ref: myVPC
      SecurityGroupIngress: ...

✅ Secure code example
Resources:
  SecureSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Secure security group configuration
      VpcId:
        Ref: myVPC
      SecurityGroupIngress: ...