SYM_CONF_0181 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The firewall configuration allows incoming FTP (TCP port 21) traffic from any IP address, making the service publicly accessible. This exposes the server to unauthorized access attempts over FTP.
Impact
Attackers could exploit this open access to attempt brute-force logins, transfer malicious files, or abuse the FTP service, potentially leading to data breaches or further compromise of resources within your Google Cloud environment.