SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible
- Query id: 7af1c447-c014-4f05-bd8b-ebe3a15734ac
- Query name: SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible
- Platform: Ansible
- Severity: Medium
- Category: Networking and Firewall
- CWE: Ongoing
- URL: Github
Description
Check if port 2383 on TCP is publicly accessible by checking the CIDR block range that can access it.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
---
# Flagged: TCP 2383 listed explicitly, source 0.0.0.0/0
- name: example using security group rule descriptions
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        ports:
          - 2383
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383
- name: example using security group rule descriptions 2
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        ports:
          - 2383
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383
# Flagged: from_port/to_port of -1, source 0.0.0.0/0
- name: example using security group rule descriptions 3
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        to_port: -1
        from_port: -1
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383
# Flagged: port range 2000-3000 contains 2383, source 0.0.0.0/0
- name: example using security group rule descriptions 4
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        ports:
          - 2000-3000
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383
# Flagged: from_port 2000 to to_port 3000 contains 2383, source 0.0.0.0/0
- name: example using security group rule descriptions 5
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: "{{ aws_profile }}"
    region: us-east-1
    rules:
      - proto: tcp
        to_port: 3000
        from_port: 2000
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
# Not flagged: source is not 0.0.0.0/0
- name: example using security group rule descriptions
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: '{{ aws_profile }}'
    region: us-east-1
    rules:
      - proto: tcp
        ports:
          - 2383
        cidr_ip: aws_vpc.main.cidr_block
        rule_desc: allow all on port 2383
# Not flagged: protocol is UDP, not TCP
- name: example using security group rule descriptions 2
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: '{{ aws_profile }}'
    region: us-east-1
    rules:
      - proto: udp
        ports:
          - 2383
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383
# Not flagged: range 3000-4000 does not contain 2383
- name: example using security group rule descriptions 3
  amazon.aws.ec2_group:
    name: awsEc2
    description: sg with rule descriptions
    vpc_id: vpc-xxxxxxxx
    profile: '{{ aws_profile }}'
    region: us-east-1
    rules:
      - proto: tcp
        to_port: 4000
        from_port: 3000
        cidr_ip: 0.0.0.0/0
        rule_desc: allow all on port 2383
```
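The check described above, sketched in Python as an added example; it is not the KICS query source. The function names and the `SAMPLES` list are hypothetical; the rule dicts are constructed to mirror the `rules` entries in the samples on this page, and the `cidr_ipv6` handling goes beyond what the samples show.

```python
import ipaddress

SSAS_PORT = 2383  # SQL Analysis Services port named by this query

def port_ranges(rule):
    """Return (low, high) ranges from a rule's `ports` or `from_port`/`to_port`."""
    if "ports" in rule:
        ports = rule["ports"] if isinstance(rule["ports"], list) else [rule["ports"]]
        return [(int(lo), int(hi or lo))
                for lo, _, hi in (str(p).partition("-") for p in ports)]
    if "from_port" in rule and "to_port" in rule:
        lo, hi = int(rule["from_port"]), int(rule["to_port"])
        # -1/-1 is treated as "every port", since positive sample 3 is flagged
        return [(0, 65535)] if lo == -1 and hi == -1 else [(lo, hi)]
    return []

def is_public(cidr):
    """True for 0.0.0.0/0 or ::/0; False for templated or symbolic values."""
    try:
        return ipaddress.ip_network(str(cidr), strict=False).prefixlen == 0
    except ValueError:
        return False  # e.g. a Jinja expression: cannot be judged statically

def exposes_ssas(rule):
    """Flag a rule that opens TCP 2383 to any source address."""
    if str(rule.get("proto")).lower() != "tcp":
        return False
    cidrs = []
    for key in ("cidr_ip", "cidr_ipv6"):
        value = rule.get(key, [])
        cidrs += value if isinstance(value, list) else [value]
    return (any(is_public(c) for c in cidrs)
            and any(lo <= SSAS_PORT <= hi for lo, hi in port_ranges(rule)))

# Constructed rules: the five positive samples, then the three negative ones
SAMPLES = [
    {"proto": "tcp", "ports": [2383], "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "ports": [2383], "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": -1, "to_port": -1, "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "ports": ["2000-3000"], "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": 2000, "to_port": 3000, "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "ports": [2383], "cidr_ip": "aws_vpc.main.cidr_block"},
    {"proto": "udp", "ports": [2383], "cidr_ip": "0.0.0.0/0"},
    {"proto": "tcp", "from_port": 3000, "to_port": 4000, "cidr_ip": "0.0.0.0/0"},
]

if __name__ == "__main__":
    for i, rule in enumerate(SAMPLES, 1):
        print(i, "FLAGGED" if exposes_ssas(rule) else "ok", rule)
```

A symbolic or templated `cidr_ip` is reported as not public here, so values that resolve to `0.0.0.0/0` only at run time need a check against the rendered playbook or the deployed security group.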