
Automatic information enumeration - Open ports

Description

The security group is configured to open an unnecessarily wide range of ports. By scanning that range an attacker can enumerate the services listening on the servers and determine which of them can be reached and consumed.

Impact

  • Scan every port of the system and reach the services that are listening on them.
  • Install backdoors on a compromised host and keep them reachable through the open ports.

Recommendation

Restrict the security group rules to the specific ports the service actually needs and to the source addresses of the users that are authorized to reach it, so that the service is accessed only by authorized users.

Threat

Internal attacker with access to the VPC.

Expected Remediation Time

⌚ 120 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: A
  • Attack complexity: L
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: L
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: P
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:P/RL:X/RC:X
  • Score:
    • Base: 4.6
    • Temporal: 4.4
  • Severity:
    • Base: Medium
    • Temporal: Medium

Code Examples

Compliant code

The security group opens only the narrow port range the service needs, and only to the private address space

Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to client host
      VpcId:
        Ref: myVPC
      SecurityGroupIngress:
        # Three ports (20-22), reachable only from the private range
        - IpProtocol: tcp
          FromPort: 20
          ToPort: 22
          CidrIp: 10.0.0.0/8
      SecurityGroupEgress:
        - IpProtocol: udp
          FromPort: 20
          ToPort: 22
          CidrIp: 0.0.0.0/0

Non compliant code

The security group opens an unnecessarily wide range of ports (0-8000) that an attacker inside the VPC can scan

Resources:
  InstanceSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow http to client host
      VpcId:
        Ref: myVPC
      SecurityGroupIngress:
        # 8001 ports open although the description names a single service
        - IpProtocol: tcp
          FromPort: 0
          ToPort: 8000
          CidrIp: 10.0.0.0/8
      SecurityGroupEgress:
        - IpProtocol: udp
          FromPort: 0
          ToPort: 8000
          CidrIp: 0.0.0.0/0
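The following Python script is an added example, not code from the original page: it audits the SecurityGroupIngress entries of AWS::EC2::SecurityGroup resources in a parsed CloudFormation template and reports rules that open more ports than a review policy allows, or that accept traffic from any source. The two templates it checks are constructed inline to mirror the compliant and non-compliant snippets above; the 16-port threshold is an assumed policy value, not an AWS limit. It also handles the AWS encodings for "all traffic" (IpProtocol -1) and "all ports" (FromPort/ToPort -1), which a naive ToPort - FromPort check would miss.

```python
"""Audit AWS::EC2::SecurityGroup ingress rules for overly wide port ranges.

Added example, not code from the original page. The templates below are
constructed to mirror the page's compliant and non-compliant snippets; the
16-port threshold is an assumed review policy, not an AWS constant.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List

MAX_PORTS_PER_RULE = 16  # assumed policy threshold
ALL_PORTS = 65536        # ports 0-65535


@dataclass(frozen=True)
class Finding:
    rule_index: int
    reason: str


def port_span(rule: dict) -> int:
    """Return how many ports a single ingress rule opens.

    AWS encodes "all traffic" as IpProtocol "-1", and "all ports" of a
    protocol as FromPort/ToPort -1 (or omitted); both count as the whole
    0-65535 range. ICMP and other port-less protocols count as 0.
    """
    proto = str(rule.get("IpProtocol", "-1")).lower()
    if proto == "-1":
        return ALL_PORTS
    if proto not in ("tcp", "udp", "6", "17"):
        return 0
    from_port = int(rule.get("FromPort", -1))
    to_port = int(rule.get("ToPort", -1))
    if from_port < 0 or to_port < 0:
        return ALL_PORTS
    return max(0, to_port - from_port + 1)


def audit_ingress(rules: Iterable[dict], max_ports: int = MAX_PORTS_PER_RULE) -> List[Finding]:
    """Flag ingress rules that open too many ports or admit any source.

    Egress rules are deliberately not examined: the threat on this page is an
    attacker inside the VPC reaching services, which ingress rules control.
    """
    findings: List[Finding] = []
    for index, rule in enumerate(rules):
        span = port_span(rule)
        if span > max_ports:
            findings.append(Finding(index, f"opens {span} ports (limit {max_ports})"))
        for key in ("CidrIp", "CidrIpv6"):
            if rule.get(key) in ("0.0.0.0/0", "::/0"):
                findings.append(Finding(index, f"{key} {rule[key]} admits any source"))
    return findings


def audit_template(template: dict, max_ports: int = MAX_PORTS_PER_RULE) -> Dict[str, List[Finding]]:
    """Run audit_ingress over every AWS::EC2::SecurityGroup in a parsed template."""
    results: Dict[str, List[Finding]] = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        rules = resource.get("Properties", {}).get("SecurityGroupIngress", [])
        results[logical_id] = audit_ingress(rules, max_ports)
    return results


def security_group(from_port: int, to_port: int) -> dict:
    """Constructed template mirroring the page's snippets with the given port range."""
    return {
        "Resources": {
            "InstanceSecurityGroup": {
                "Type": "AWS::EC2::SecurityGroup",
                "Properties": {
                    "GroupDescription": "Allow http to client host",
                    "VpcId": {"Ref": "myVPC"},
                    "SecurityGroupIngress": [
                        {"IpProtocol": "tcp", "FromPort": from_port,
                         "ToPort": to_port, "CidrIp": "10.0.0.0/8"}
                    ],
                    "SecurityGroupEgress": [
                        {"IpProtocol": "udp", "FromPort": from_port,
                         "ToPort": to_port, "CidrIp": "0.0.0.0/0"}
                    ],
                },
            }
        }
    }


COMPLIANT_TEMPLATE = security_group(20, 22)       # 3 ports, as on the page
NON_COMPLIANT_TEMPLATE = security_group(0, 8000)  # 8001 ports, as on the page


if __name__ == "__main__":
    for name, template in (("compliant", COMPLIANT_TEMPLATE),
                           ("non-compliant", NON_COMPLIANT_TEMPLATE)):
        for group, findings in audit_template(template).items():
            status = "OK" if not findings else "; ".join(f.reason for f in findings)
            print(f"{name}: {group}: {status}")
```

Run as a script it reports the compliant group as OK and the non-compliant one as opening 8001 ports. To check a real template, load it with a YAML parser that understands the CloudFormation short-form tags (or convert it to JSON first) and pass the resulting dict to audit_template; in a pipeline, a non-empty findings list for any group is the condition to fail the deployment.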

Requirements