258 – Lack of protection against deletion - ELB

Description

The current configuration of Elastic Load Balancing has no Deletion Protection safety feature enabled.

Impact

- AWS load balancers can be accidentally deleted. - Load-balanced environments remain unsafe. - Intentional or accidental deletion of data integrity.

Recommendation

Check the Deletion Protection configuration attribute value inside attributes section and enable it.

Threat

Attacker with access to the AWS console that modifies or deletes information.

Expected Remediation Time

30 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: L
• Attack Requirements: N
• Privileges required: H
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): N
• Availability (VA): H
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: P

Requirements

• 186 - Use the principle of least privilege
• 265 - Restrict access to critical processes

Fixes

• Aws
• Cloudformation

Last updated

2024/02/18