Prevasio | Security issues: Critical level

Critical severity CSPM issues (12)

	Severity	Non-Compliance	Region	Resource	Issue	Remediation	Read more	Action
Web	Critical	—	eastus	prevasio.click-prevasio-web-app	App Service certificate has expired 3 days ago.	Make sure App Service certificates are configured to be auto-renewed.	More info
Networking	Critical	—	eastus	test-vm-nsg	Network Security Group (NSG) contains an inbound rule "SSH" that allows unrestricted access on TCP port 22 (SSH server).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 22 (SSH server) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Port_ANY" that allows unrestricted access on all ports (all services).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on all ports (all services) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 22 (SSH server).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 22 (SSH server) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 21 (FTP server).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 21 (FTP server) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 4333 (MySQL server).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 4333 (MySQL server) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Port_RDP" that allows unrestricted access on TCP port 3389 (RDP server).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 3389 (RDP server) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 135 (RPC server).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 135 (RPC server) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 445 (SMB over TCP).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 445 (SMB over TCP) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 25 (SMTP server).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 25 (SMTP server) to known IP addresses only.	More info
Networking	Critical	—	westus2	open-to-all	Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 23 (Telnet).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 23 (Telnet) to known IP addresses only.	More info
Networking	Critical	—	westus2	test-vm2-nsg	Network Security Group (NSG) contains an inbound rule "SSH" that allows unrestricted access on TCP port 22 (SSH server).	To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 22 (SSH server) to known IP addresses only.	More info

Critical severity private container images (3)

Repository	Image tag	Region	Image size	Pushed at	Latest	Vulnerabilities	Alerts	Action
samples/82zge/zagit	tag1	eastus	204.72 MB		✓	2 Critical + 1,600 others (details)	Contains malware Multios.Coinminer.Miner-6781728-2 (details) Clones Monero (XMR) cryptomining Git repository (details)
samples/gudthing/sql-rpg	v0.03	eastus	120.4 MB		✓	27 Critical + 196 others (details)	No issues
021982/xmrig2	xmrig2, xmrig3	eastus	7.14 MB		✓	3 Critical + 27 others (details)	Contains malware Multios.Coinminer.Miner-6781728-2 (details)

Critical severity public container images (0)

Repository	Image tag	Region	Image size	Pushed at	Latest	Vulnerabilities	Alerts	Action