Virtual network security group permits ingress from '0.0.0.0/0' to port 22 (SSH) Affecting Network service in Azure

Snyk CCSS

Network / Ports

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Azure CIS-Controls CSA-CCM ISO-27001 NIST-800-53 PCI-DSS SOC-2

Snyk ID SNYK-CC-00462
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Attackers could use brute force techniques to gain access to virtual machines. Once the attackers gain access, they can use a virtual machine as a launch point for compromising other machines on the virtual network or even attack networked devices outside of Azure.

How to fix?

Remove 22, *, or any port range that covers 22 from properties.securityRules[].properties.destinationPortRange(s) when 'properties.securityRules[].properties.access' is set to allow.

Virtual network security group permits ingress from '0.0.0.0/0' to port 22 (SSH) Affecting Network service in Azure

Severity

Description

How to fix?

ARM

Terraform

References