Property
Language: hcl
Severity: medium
CWE: CWE-284: Improper Access Control
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Medium

Description

The network ACL rule allows all inbound or outbound traffic across all ports, instead of restricting access to only necessary ports. This overly permissive configuration exposes your AWS resources to unwanted network access.
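
The kind of rule described above, next to a restricted alternative, as an added example that is not part of the original page or the scanner's own test cases. Resource names, CIDR ranges and the assumption that the subnet serves only HTTPS are illustrative.

```hcl
# Added example: names, CIDR ranges and the HTTPS-only service are assumptions.
resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_network_acl" "permissive" {
  vpc_id = aws_vpc.example.id
}

# Weak: protocol "-1" matches every protocol, so all ports are reachable.
resource "aws_network_acl_rule" "permissive_ingress" {
  network_acl_id = aws_network_acl.permissive.id
  rule_number    = 100
  egress         = false
  protocol       = "-1"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
}

resource "aws_network_acl" "restricted" {
  vpc_id = aws_vpc.example.id
}

# Corrected: only inbound HTTPS is allowed.
resource "aws_network_acl_rule" "restricted_ingress_https" {
  network_acl_id = aws_network_acl.restricted.id
  rule_number    = 100
  egress         = false
  protocol       = "tcp"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
  from_port      = 443
  to_port        = 443
}

# Network ACLs are stateless: replies to clients need an explicit egress rule
# covering the ephemeral port range instead of an allow-all egress rule.
resource "aws_network_acl_rule" "restricted_egress_replies" {
  network_acl_id = aws_network_acl.restricted.id
  rule_number    = 100
  egress         = true
  protocol       = "tcp"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
  from_port      = 1024
  to_port        = 65535
}
```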

Impact

If exploited, attackers could access any service or application running in your VPC, increasing the risk of unauthorized access, data breaches, and lateral movement within your environment. This weakens your network’s security posture and may lead to compromise of sensitive assets.