SYM_CONF_0186 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Enabling 'serial-port-enable' on a Google Compute Engine VM allows connections to the VM's serial port, which can expose sensitive system access if not properly restricted. This setting should be disabled unless explicitly required for debugging or troubleshooting.
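One way to audit for this setting, as an added example that is not part of the original rule or the Symbiotic project's code: it reports every VM whose effective `serial-port-enable` value is on, including VMs that inherit it from project-wide metadata. The function names, the sample data, and the set of values treated as "true" are assumptions of this example.

```python
import json

# Values treated as boolean "true" for the metadata key, case-insensitive.
# This set is an assumption of the example, not taken from the rule page.
TRUTHY = {"true", "yes", "y", "1"}
KEY = "serial-port-enable"

def _lookup(metadata, key):
    """Return the value of `key` from a Compute API metadata object, or None."""
    for item in (metadata or {}).get("items", []) or []:
        if item.get("key") == key:
            return item.get("value")
    return None

def serial_port_findings(instances, project_metadata=None):
    """Return (instance_name, source) for every VM whose effective setting is on.

    An instance-level value overrides the project-wide one, so a VM can be
    exposed by inheritance without carrying the key itself.
    """
    project_value = _lookup(project_metadata, KEY)
    findings = []
    for inst in instances:
        value, source = _lookup(inst.get("metadata"), KEY), "instance"
        if value is None:
            value, source = project_value, "project"
        if value is not None and str(value).strip().lower() in TRUTHY:
            findings.append((inst["name"], source))
    return findings

# Constructed sample shaped like `gcloud compute instances list --format=json`
SAMPLE_INSTANCES = json.loads("""[
 {"name": "debug-vm",  "metadata": {"items": [{"key": "serial-port-enable", "value": "TRUE"}]}},
 {"name": "web-1",     "metadata": {"items": [{"key": "serial-port-enable", "value": "false"}]}},
 {"name": "batch-1",   "metadata": {"items": [{"key": "enable-oslogin", "value": "TRUE"}]}},
 {"name": "legacy-vm", "metadata": {}}
]""")
# Constructed project-wide metadata, shaped like the commonInstanceMetadata
# field of `gcloud compute project-info describe --format=json`
SAMPLE_PROJECT = {"items": [{"key": "serial-port-enable", "value": "1"}]}

if __name__ == "__main__":
    for name, source in serial_port_findings(SAMPLE_INSTANCES, SAMPLE_PROJECT):
        print(f"{name}: serial port enabled via {source} metadata")
```

A finding with source `project` means the key has to be cleared in project metadata or explicitly set to a false value on the instance, since removing it from the instance alone changes nothing.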
Impact
If attackers gain access to the serial port, they could potentially bypass standard authentication, view sensitive console output, or execute commands directly on the VM. This increases the risk of unauthorized access and compromise of the virtual machine and its data.