Json Yaml Admin Ports Open To World
Description
Detects when AWS CloudFormation templates contain security group rules that allow unrestricted public access (0.0.0.0/0) to administrative ports on EC2 instances. This creates a critical security risk by potentially exposing management interfaces to malicious actors on the internet.
Detection Strategy
• Check CloudFormation template for EC2 security group ingress rules
• Identify if the CIDR range in the ingress rule is set to 0.0.0.0/0 (allow from anywhere)
• Check whether the port range of each such rule covers an administrative port (for example SSH on TCP 22 or RDP on TCP 3389)
• Report a vulnerability when unrestricted access is allowed to these sensitive ports
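The strategy above, written out as a standalone checker (added example, not Fluid Attacks' own implementation): it walks the parsed template, treats a literal 0.0.0.0/0 or ::/0 as "anywhere", and reports every inline or standalone ingress rule whose port range (or IpProtocol -1, meaning all ports) reaches SSH or RDP, while leaving intrinsic functions such as Ref unflagged because they cannot be resolved statically. The sample template and the resource names in it are constructed; it is in JSON form only so that no YAML library is required.

```python
import json

# Administrative ports this check looks for (SSH and RDP, as named on the page)
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}  # "anywhere" for IPv4 and IPv6

def rule_exposes_admin_ports(rule):
    """Return the admin ports that one ingress rule opens to the whole internet."""
    cidr = rule.get("CidrIp", rule.get("CidrIpv6"))
    # An intrinsic function such as {"Ref": "AllowedIpRange"} is not a literal world CIDR
    if not isinstance(cidr, str) or cidr not in WORLD_CIDRS:
        return []
    if str(rule.get("IpProtocol", "tcp")) == "-1":  # -1 means every protocol and port
        return sorted(ADMIN_PORTS)
    try:
        lo = int(rule.get("FromPort", 0))
        hi = int(rule.get("ToPort", lo))
    except (TypeError, ValueError):  # port supplied via an intrinsic function
        return []
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]

def find_admin_ports_open_to_world(template):
    """Scan a parsed template and return (resource name, port, service) findings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupIngress", [])
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            rules = [props]  # standalone ingress resource: its properties are the rule
        else:
            continue
        for rule in rules:
            if isinstance(rule, dict):
                for port in rule_exposes_admin_ports(rule):
                    findings.append((name, port, ADMIN_PORTS[port]))
    return findings

# Constructed sample template (JSON form, so only the standard library is needed)
SAMPLE_TEMPLATE = json.loads("""{"Parameters": {"AllowedIpRange": {"Type": "String"}},
 "Resources": {
  "openSsh": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "open",
   "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
  "restrictedSsh": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "ok",
   "SecurityGroupIngress": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": {"Ref": "AllowedIpRange"}}]}},
  "rdpRange": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {"GroupId": "sg-PLACEHOLDER",
   "IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000, "CidrIpv6": "::/0"}}}}""")
```

For a YAML template, parse it first with a loader that understands CloudFormation short-form tags such as !Ref (PyYAML needs a custom constructor for them), then pass the resulting dict to the same function.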
Vulnerable code example
Resources:
  mySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Vulnerable security group
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0 # Vulnerable: allows inbound access from any IPv4 address
          FromPort: 22
          # ... (rest of the rule truncated on the original page)
✅ Secure code example
Resources:
  mySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Secure security group
      SecurityGroupIngress:
        - CidrIp: !Ref AllowedIpRange # Restrict SSH access to specific IP range
          FromPort: 22
          # ... (rest of the rule truncated on the original page)