Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Enabling ‘can_ip_forward’ on a Google Compute Instance Template allows instances to forward network packets, effectively making them act as network routers. This increases the risk of traffic being routed through unintended or insecure paths.
Impact#
If IP forwarding is enabled, an attacker could route unauthorized or malicious traffic through your instances, potentially exposing sensitive data or enabling lateral movement within your network. This can lead to data breaches or compromise of other systems.