Network misconfigurations

Network security group rule allows unrestricted incoming access to TCP port 27017 or 27018 or 27019 or 27020 (MongoDB)

Compliance Frameworks


An Azure Security Group acts as a virtual firewall for your instances to control inbound and outbound traffic. We identified the security group ""{AzureNetworkSecurityGroup}"" ({AzureNetworkSecurityGroup.NsgId}) is configured to allow inbound access to TCP port 27017-27020 (MongoDB) from any IP address ( or ::/0).
  • Recommended Mitigation

    Ensure security groups in your account are configured to allow access to TCP ports 27017-27020 (MongoDB) from specific IP addresses only. More details can be found in <a href="" target="_blank" rel="noopener noreferrer"></a>