Security Group has Any Protocol Open

Tenacity Id

Risk Level




Last Updated: April 21, 2022

An unused AWS Security Group contains an inbound rule that allows any protocol. Unrestricted inbound port access is inherently insecure and exposes a broad attack surface of commonly exploited protocols to a malicious actor. Unused Security Groups should be removed. If the group is re-assigned instead, remove the inbound rule that allows any protocol, or restrict it by configuring rules for only the required protocols.
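One way to check for this finding offline, as an added example that is not Tenacity's own code: it reads data shaped like the JSON output of `aws ec2 describe-security-groups` and `aws ec2 describe-network-interfaces` and reports groups that allow any protocol (`IpProtocol` of `-1`) inbound while attached to no network interface. Treating "unused" as "not attached to any network interface" is an assumption, and the function names, group IDs and sample data are constructed for illustration.

```python
# Added example; input shapes follow describe-security-groups / describe-network-interfaces JSON.
ANY_PROTOCOL = "-1"  # EC2 API value meaning "all protocols"

def attached_group_ids(network_interfaces):
    """Group IDs attached to at least one network interface (treated as in use)."""
    return {g["GroupId"] for eni in network_interfaces for g in eni.get("Groups", [])}

def any_protocol_sources(group):
    """Sources of every inbound rule in the group whose IpProtocol is -1."""
    sources = []
    for perm in group.get("IpPermissions", []):
        if perm.get("IpProtocol") != ANY_PROTOCOL:
            continue
        sources += [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return sources

def find_unused_any_protocol(groups, network_interfaces):
    """Return findings for groups that are unattached and allow any protocol."""
    in_use = attached_group_ids(network_interfaces)
    findings = []
    for group in groups:
        sources = any_protocol_sources(group)
        if sources and group["GroupId"] not in in_use:
            # A VPC's default group cannot be deleted, so its rule is revoked instead.
            action = "revoke rule" if group.get("GroupName") == "default" else "delete group"
            findings.append({"GroupId": group["GroupId"], "Sources": sources, "Action": action})
    return findings

# Constructed sample data (not from a real account).
SAMPLE_GROUPS = [
    {"GroupId": "sg-0aaa", "GroupName": "legacy-app", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0bbb", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "old-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-0ddd", "GroupName": "default", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0ddd"}]}]},
]
SAMPLE_ENIS = [{"NetworkInterfaceId": "eni-0111", "Groups": [{"GroupId": "sg-0bbb"}]}]

if __name__ == "__main__":
    for finding in find_unused_any_protocol(SAMPLE_GROUPS, SAMPLE_ENIS):
        print(finding)
```

Before deleting a flagged group, confirm that no launch template or rule in another Security Group still references it, since the attachment check above does not cover those references.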