An ingress nas security group rule allows traffic from /0.
| Property | |
|---|---|
| Language |  |
| Severity |  |
| Service | nas |
| Provider | Nifcloud |
| Vulnerability Type | misconfiguration |
Description#
The NAS security group rule permits incoming traffic from any IP address (0.0.0.0/0), effectively exposing the NAS service to the entire internet without restriction. This configuration lacks proper network access controls.
Impact#
An attacker anywhere on the internet could attempt to access exposed NAS resources, leading to potential data breaches, unauthorized data manipulation, or disruption of services. This significantly increases the risk of compromise and unauthorized access to sensitive storage.
Resolution#
Set a more restrictive cidr range