Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Wiz
FIN-735
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Not Verified
What It Detects
A Wiz-monitored compute instance is both internet-facing and using IMDSv1. This is a high-risk combination because internet-exposed applications are the primary target for SSRF attacks, and IMDSv1 has no token-based protection against such attacks. An attacker who finds any SSRF vulnerability in a web application on this instance can immediately steal IAM role credentials from the metadata service.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
Connectors
match
Wiz
Extra Data
and
[{'key': 'Key', 'value': 'wiz.use_instance_metadata_v2', 'operator': 'match'}, {'key': 'Value', 'value': 0, 'operator': 'match'}]
Public Facing (True/False)
==
1
Remediation
×
×
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum