Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
The firewall configuration allows incoming FTP (TCP port 21) traffic from any IP address, making the service publicly accessible. This exposes the server to unauthorized access attempts over FTP.
Impact#
Attackers could exploit this open access to attempt brute-force logins, transfer malicious files, or abuse the FTP service, potentially leading to data breaches or further compromise of resources within your Google Cloud environment.