high

AttachMe

Published Tue, Sep 20th, 2022
Platforms

Summary

Any unattached storage volume, or attached storage volumes allowing multi-attachment, could have been read from or written to as long as an attacker knew their Oracle Cloud Identifier (OCID), allowing sensitive data to be exfiltrated or even more impactful attacks to be initiated via executable file manipulation in the target tenant's environment.

Affected Services

OCI Volumes

Remediation

None required.

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Thu, Jun 9th, 2022
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Elad Gabay, Wiz