SYM_CONF_0168 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
The firewall rule allows inbound TCP traffic on port 20 (FTP data) from any IP address (0.0.0.0/0), exposing the service to the entire internet. This configuration makes the FTP service publicly accessible without restriction.
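As an added example (not code from this rule or from the Symbiotic project), the check below flags firewall rules matching the description. It goes slightly beyond the single-port case by also catching port ranges and all-port rules that cover port 20. The rule schema (`direction`, `action`, `sources`, `allowed`) and the sample rules are assumptions constructed for illustration, not any provider's format.

```python
import ipaddress

FTP_DATA_PORT = 20  # port named in the rule description

def _covers(spec, port):
    """True if a port spec ("20", "20-21", "0-65535") includes `port`."""
    lo, _, hi = str(spec).partition("-")
    return int(lo) <= port <= int(hi or lo)

def _is_any_ipv4(cidr):
    """True only for the whole IPv4 internet (0.0.0.0/0)."""
    try:
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False  # unparsable source: not treated as "any"
    return net.version == 4 and net.prefixlen == 0

def exposes_ftp_data(rule):
    """Flag an inbound allow rule that opens TCP/20 to 0.0.0.0/0."""
    if rule.get("direction", "ingress") != "ingress" or rule.get("action", "allow") != "allow":
        return False
    if not any(_is_any_ipv4(c) for c in rule.get("sources", [])):
        return False
    for allow in rule.get("allowed", []):
        if allow.get("protocol") not in ("tcp", "all"):
            continue
        ports = allow.get("ports") or ["0-65535"]  # assumption: no ports listed = every port
        if any(_covers(p, FTP_DATA_PORT) for p in ports):
            return True
    return False

# Constructed sample rules (hypothetical schema).
RULES = [
    {"name": "ftp-open", "sources": ["0.0.0.0/0"], "allowed": [{"protocol": "tcp", "ports": ["20"]}]},
    {"name": "ftp-range", "sources": ["0.0.0.0/0"], "allowed": [{"protocol": "tcp", "ports": ["20-21"]}]},
    {"name": "all-tcp", "sources": ["0.0.0.0/0"], "allowed": [{"protocol": "tcp"}]},
    {"name": "ftp-restricted", "sources": ["203.0.113.0/24"], "allowed": [{"protocol": "tcp", "ports": ["20"]}]},
    {"name": "web-open", "sources": ["0.0.0.0/0"], "allowed": [{"protocol": "tcp", "ports": ["443"]}]},
    {"name": "egress-ftp", "direction": "egress", "sources": ["0.0.0.0/0"], "allowed": [{"protocol": "tcp", "ports": ["20"]}]},
]

def findings(rules):
    """Names of rules that expose TCP/20 to any IPv4 address."""
    return [r["name"] for r in rules if exposes_ftp_data(r)]

if __name__ == "__main__":
    for name in findings(RULES):
        print(f"FAIL {name}: TCP/20 reachable from 0.0.0.0/0")
```

The `ftp-restricted` rule shows the corrected form: the same port, with the source narrowed to a specific range instead of 0.0.0.0/0.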
Impact
Unrestricted FTP access can allow attackers to probe, exploit, or abuse the FTP service from anywhere, increasing the risk of unauthorized data transfer, brute-force attacks, or service misuse. This can lead to data breaches or compromise of other internal resources.