Property: Value
Language: terraform
Severity: critical
Service: network
Provider: Azure
Vulnerability Type: misconfiguration

Description

The network security rule is configured to allow inbound traffic from any IP address (0.0.0.0/0), exposing the resource to the entire internet. This overly broad rule bypasses network segmentation and makes the resource accessible to unauthorized parties.

Impact

If exploited, attackers anywhere on the internet can reach the exposed port, increasing the risk of unauthorized access, data breaches, and service disruption. This significantly elevates the attack surface and can lead to compromise of sensitive systems or data within the Azure environment.

Resolution

Set a more restrictive CIDR range.
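
The flagged setting beside a restricted one, as an added example that is not part of the original page. The resource and variable names, the port (22) and the CIDR value are assumptions chosen for illustration.

```terraform
# Added example. All names, the port and the CIDR are assumptions.
# endswith() requires Terraform 1.3 or later.

variable "resource_group_name" { type = string }
variable "nsg_name" { type = string }

# Source ranges allowed to reach the port. Validation fails the plan if the
# list is empty, or if any entry is not a valid CIDR or has a /0 prefix
# (which would match every address, like 0.0.0.0/0).
variable "allowed_source_cidrs" {
  type    = list(string)
  default = ["203.0.113.0/24"] # constructed value (documentation range)

  validation {
    condition = length(var.allowed_source_cidrs) > 0 && alltrue([
      for c in var.allowed_source_cidrs :
      can(cidrhost(c, 0)) && !endswith(c, "/0")
    ])
    error_message = "Provide at least one valid CIDR, each narrower than /0."
  }
}

# Before (flagged): inbound allowed from any IP address.
# resource "azurerm_network_security_rule" "ssh_open" {
#   name                  = "allow-ssh-from-anywhere"
#   direction             = "Inbound"
#   access                = "Allow"
#   source_address_prefix = "0.0.0.0/0"
#   (remaining arguments as in the resource below)
# }

# After: the same rule limited to the validated source ranges.
resource "azurerm_network_security_rule" "ssh_restricted" {
  name                        = "allow-ssh-from-admin-range"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "22"
  source_address_prefixes     = var.allowed_source_cidrs
  destination_address_prefix  = "*"
  resource_group_name         = var.resource_group_name
  network_security_group_name = var.nsg_name
}
```

Because `"*"` is not a valid CIDR, the same validation also rejects the wildcard source that Azure treats as any address.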