Network misconfigurations

Azure Cosmos DB firewall allows access from all public Azure datacenters

Platform(s)
Compliance Frameworks

Description

When enabling 'Accept connections from within Azure datacenters' option, IP address 0.0.0.0 is added to the list of allowed IP addresses. The 0.0.0.0 IP address restricts requests to your Azure Cosmos DB account from Azure datacenter IP range. This option configures the firewall to allow all requests from Azure, including requests from the subscriptions of other customers deployed in Azure. The list of IPs allowed by this option is wide, so it limits the effectiveness of a firewall policy.

  • Recommended Mitigation

    It is recommended to disable this option and configure firewall rules with more restricted IP addresses.

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.