Improper Access Control
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Enabling IP forwarding on a Google Compute Instance allows the VM to receive and route network traffic that is not explicitly addressed to it. This configuration can make the instance act like a router, potentially exposing it to unwanted or unauthorized network traffic.
Impact#
If exploited, attackers could use the instance to intercept, reroute, or manipulate network traffic, leading to data leaks or unauthorized access. This increases the risk of network-based attacks and may compromise the security and integrity of your cloud environment.