Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The firewall rule allows incoming SSH (port 22) connections from any IP address (0.0.0.0/0), exposing your servers to the public internet. This configuration makes SSH access unrestricted and easily discoverable.
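The check described above, written as an added example (not this scanner's own code): it flags ingress allow rules that expose TCP port 22 to 0.0.0.0/0. It goes slightly beyond the text by also catching port ranges that include 22, rules with no port list, and the IPv6 equivalent ::/0. The rule dictionary shape (`name`, `direction`, `action`, `protocol`, `ports`, `sources`) and the sample rules are constructed for illustration and do not follow any specific cloud provider's schema.

```python
import ipaddress

SSH_PORT = 22

def _covers_ssh(port_spec):
    """True if a port spec such as "22" or "20-25" includes port 22."""
    low, _, high = str(port_spec).strip().partition("-")
    low = int(low)
    high = int(high) if high else low
    return low <= SSH_PORT <= high

def _is_any_address(cidr):
    """True for a zero-length prefix: 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def ssh_open_to_world(rule):
    """True if the rule lets any source address reach TCP/22."""
    if rule.get("direction", "ingress") != "ingress":
        return False
    if rule.get("action", "allow") != "allow":
        return False
    if rule.get("protocol", "tcp").lower() not in ("tcp", "all"):
        return False
    # Assumption: a rule without a port list applies to every port.
    ports = rule.get("ports") or ["0-65535"]
    return (any(_covers_ssh(p) for p in ports)
            and any(_is_any_address(c) for c in rule.get("sources", [])))

def find_exposed(rules):
    """Names of the rules that expose SSH to any address."""
    return [r["name"] for r in rules if ssh_open_to_world(r)]

# Constructed sample rules (hypothetical names, documentation address range).
SAMPLE_RULES = [
    {"name": "allow-ssh-anywhere", "protocol": "tcp",
     "ports": ["22"], "sources": ["0.0.0.0/0"]},       # weak setting
    {"name": "allow-ssh-office", "protocol": "tcp",
     "ports": ["22"], "sources": ["203.0.113.0/24"]},  # restricted source range
    {"name": "allow-admin-range", "protocol": "tcp",
     "ports": ["20-25"], "sources": ["0.0.0.0/0"]},    # range hides port 22
    {"name": "allow-https", "protocol": "tcp",
     "ports": ["443"], "sources": ["0.0.0.0/0"]},      # public, but not SSH
]

if __name__ == "__main__":
    for name in find_exposed(SAMPLE_RULES):
        print(f"SSH open to any address: {name}")
```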
Impact
Attackers could attempt to brute-force SSH credentials or exploit SSH vulnerabilities, potentially gaining unauthorized access to your servers. This increases the risk of data breaches, system compromise, and further attacks within your cloud environment.