Insecure service configuration - EC2
Description
Some EC2 instances have insecure configurations that an attacker can use to access or interrupt critical application processes
Impact
Compromise the security of one or several EC2 Instances
Recommendation
Perform a hardening process over all the EC2 instances, by following the recommended best practices
Threat
Internet attacker with access to the AWS console.
Expected Remediation Time
⏱️ 45 minutes.
Requirements
266 - Disable insecure functionalitiesFixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
H
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
N
Availability (VA)
H
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P