SYM_CONF_0258 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Access Control
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-284: Improper Access Control |
OWASP | A05:2017 - Broken Access Control |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Low |
Description
Assigning a public IP address to an AWS EC2 instance exposes it directly to the internet, making it accessible from anywhere. This increases the risk of unauthorized access or attacks on the instance.
Impact
If exploited, attackers could connect directly to the EC2 instance, potentially gaining access to sensitive data or control over the system. This exposure can lead to data breaches, service disruptions, or use of your resources for malicious purposes.
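One way to check for this condition before deployment, as an added example that is not part of the rule database: it assumes the instance is managed with Terraform and reads the JSON form of a plan (`terraform show -json`). The sample plan and resource names are constructed. An instance that leaves `associate_public_ip_address` unset is reported separately, because its value is then decided by the subnet's `map_public_ip_on_launch` setting.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_instance.web", "type": "aws_instance",
   "change": {"actions": ["create"],
              "after": {"associate_public_ip_address": true, "subnet_id": "subnet-aaa"},
              "after_unknown": {}}},
  {"address": "aws_instance.worker", "type": "aws_instance",
   "change": {"actions": ["create"],
              "after": {"associate_public_ip_address": false, "subnet_id": "subnet-bbb"},
              "after_unknown": {}}},
  {"address": "aws_instance.batch", "type": "aws_instance",
   "change": {"actions": ["create"],
              "after": {"subnet_id": "subnet-ccc"},
              "after_unknown": {"associate_public_ip_address": true}}},
  {"address": "aws_instance.old", "type": "aws_instance",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
]}
""")

def classify_instances(plan):
    """Return {address: verdict} for every aws_instance that exists after apply."""
    verdicts = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_instance":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # instance is being destroyed, nothing to expose
            continue
        value = after.get("associate_public_ip_address")
        if value is True:
            verdicts[rc["address"]] = "public"
        elif value is False:
            verdicts[rc["address"]] = "private"
        else:
            # Unset in config: the subnet's map_public_ip_on_launch decides at apply time.
            verdicts[rc["address"]] = "inherits-subnet"
    return verdicts

def findings(plan):
    """Addresses to review: explicitly public, or dependent on the subnet default."""
    return sorted(a for a, v in classify_instances(plan).items() if v != "private")

if __name__ == "__main__":
    for addr, verdict in classify_instances(SAMPLE_PLAN).items():
        print(f"{addr}: {verdict}")
```
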