457 – Unrestricted access between network segments - databases
Description
The infrastructure definition for network segments in the AWS context is too permissive to databases.
Impact
- Expose resources, processes and sensitive information that could be compromised. - Accept incoming or outcoming connections that should be restricted by design
Recommendation
Limit network segments, ports, IP addresses, network protocols, and administrative services only to the required users.
Threat
Anonymous attacker from Internet.
Expected Remediation Time
Score 4.0
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
- Attack vector: A
- Attack complexity: H
- Attack Requirements: N
- Privileges required: L
- User interaction: N
- Confidentiality (VC): L
- Integrity (VI): N
- Availability (VA): N
- Confidentiality (SC): N
- Integrity (SI): N
- Availability (SA): N
Threat 4.0
- Exploit maturity: P