Terraform Security Group Oracle Port Exposed
Description
Identifies Azure Network Security Groups (NSGs) with overly permissive inbound rules that allow unrestricted access to Oracle database ports. This creates a security risk by potentially exposing Oracle database instances to unauthorized access from the internet.
Detection Strategy
• Examines Network Security Group rules in Azure Terraform configurations
• Identifies inbound rules that allow access to Oracle database ports (typically 1521/1522)
• Flags rules that have overly permissive source address prefixes like '0.0.0.0/0' or '*'
• Reports a vulnerability when an NSG rule allows unrestricted inbound access to Oracle ports from any source
Vulnerable code example
resource "azurerm_network_security_rule" "vulnerable" {
# INSECURE: Allows unrestricted access (*) to Oracle DB ports
name = "Oracle_DB"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_address_prefix = "*" # Vulnerable: allows access from any source IP...✅ Secure code example
resource "azurerm_network_security_rule" "secure" {
name = "Oracle_DB"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_address_prefix = "VirtualNetwork" # Only allow access from within the virtual network
destination_port_range = "1521" # Single port range is more secure than ranges array...Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.