SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible

  • Query id: 7af1c447-c014-4f05-bd8b-ebe3a15734ac
  • Query name: SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible
  • Platform: Ansible
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

Check if port 2383 on TCP is publicly accessible by checking the CIDR block range that can access it.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: example using security group rule descriptions
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        ports:
          - 2383
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383

- name: example using security group rule descriptions 2
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        ports:
          - 2383
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383

- name: example using security group rule descriptions 3
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        to_port: -1
        from_port: -1
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383

- name: example using security group rule descriptions 4
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        ports:
          - 2000-3000
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383

- name: example using security group rule descriptions 5
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        to_port: 3000
        from_port: 2000
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: example using security group rule descriptions
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: '{{ aws_profile }}'
    region: us-east-1
    rules:
    - proto: tcp
      ports:
      - 2383
      cidr_ip: aws_vpc.main.cidr_block
      rule_desc: allow all on port 2383

- name: example using security group rule descriptions 2
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: '{{ aws_profile }}'
    region: us-east-1
    rules:
    - proto: udp
      ports:
      - 2383
      cidr_ip: 0.0.0.0/0
      rule_desc: allow all on port 2383

- name: example using security group rule descriptions 3
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: '{{ aws_profile }}'
    region: us-east-1
    rules:
    - proto: tcp
      to_port: 4000
      from_port: 3000
      cidr_ip: 0.0.0.0/0
      rule_desc: allow all on port 2383