Network misconfigurations
Azure virtual machine allows direct Telnet access from the Internet
Risk Level
Hazardous (3)
Platform(s)
Compliance Frameworks
- CCPA ,
- ISO/IEC 27001 ,
- Microsoft Cloud Security Benchmark ,
- Mitre ATT&CK v12 ,
- New Zealand Information Security Manual ,
- NIST 800-53 ,
- Orca Best Practices ,
- UK Cyber Essentials
Description
Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. The Telnet port (23) is open on your virtual machine and allows all incoming traffic from the Internet. In order to keep security best practices, you should restrict access to be only from allowed IP addresses.-
Recommended Mitigation
Configure networking rule to allow incoming Telnet traffic from allowed IP addresses only.