Publicly Accessible EC2 instance has privileged role and a critical vulnerability

Docs > Datadog Security > OOTB Rules > Publicly Accessible EC2 instance has privileged role and a critical vulnerability

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

A publicly accessible EC2 instance has one or more critical severity vulnerabilities.

A compromise of this EC2 instance could lead to potential abuse of the privileges associated with the instance, and could lead to unauthorized access to the account and other resources the instance has access to.

Unpatched vulnerabilities can expose system weaknesses and create an entry point for attackers to gain unauthorized access to the host. This can lead to data breaches, unauthorized modifications, or control of the underlining system.

Remediation

Review any associated vulnerability references or advisories.
Review the level of access and privileges associated with the EC2 instance and scope them down to the minimum required.
Apply the appropriate patch based on remediation guidance. If no patch is available, apply compensating controls such as disabling or removal of the vulnerable component.
Assess whether this instance needs to be accessible from the internet. If not, restrict access to the instance.