SYM_CONF_0200 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-284: Improper Access Control |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Enabling IP forwarding on a Google Compute Instance allows the VM to receive and route network traffic that is not explicitly addressed to it. This configuration can make the instance act like a router, potentially exposing it to unwanted or unauthorized network traffic.
Impact
If exploited, attackers could use the instance to intercept, reroute, or manipulate network traffic, leading to data leaks or unauthorized access. This increases the risk of network-based attacks and may compromise the security and integrity of your cloud environment.