VPC Unrestricted Ingress

Not restricting ingress allows connections from the public internet on any port and host, significantly increasing the extent of a compromise.

Remediation

Restrict CIDR to known range
Restrict port to white listed set of ports.
See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/network_acl_rule#cidr_block

Metadata

Severity: critical
Slug: vpc-unrestricted-ingress

CWEs

284: Improper Access Control

OWASP

A05:2021: Security Misconfiguration

Available Labs

Select a language to explore available labs for this vulnerability.

1 Lab

Aws Labs

Aws 1 lab

Explore 1 lab in Aws.

No matching labs found

Try adjusting your language filter.

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

For Companies Play Now

Got a comment?

Join our secure coding and AppSec community. A discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloudsec, AIsec code review, and more.