high

AWS Direct Connect route injection issue

Published Thu, Aug 15th, 2024

Platforms

aws

Summary

A BGP-based feature of the AWS Direct Connect service allowed a third party to inject an incorrect route for an external IP, effectively hijacking AWS-sourced traffic. This resulted in connectivity issues between AWS EC2 instances and external systems. The issue was caused by a typo in a Direct Connect customer's configuration, which advertised an incorrect prefix to AWS.

Affected Services

EC2, Direct Connect

Remediation

None required. AWS has improved their process for validating IP prefix ownership for Direct Connect public virtual interfaces.

Tracked CVEs

No tracked CVEs

References

https://chair6.net/lets-encrypt-renewal-failures-and-aws-traffic-hijacking.html

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Thu, May 16th, 2024

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

Monitor for unexpected routing or connectivity issues between AWS EC2 instances and external IP addresses. Use tools like mtr or traceroute to identify abnormal network paths.

Piercing Index Rating

-

Discovered by

Jamie Finnigan

More vulnerabilities...

Azue Health privilege escalation via SSRF

azure
Tenable
high

Privilege Elevation Vulnerability in Entra ID

azure

Semperis researchers discovered vulnerabilities in Microsoft applications that allowed privilege elevation in Entra ID beyond expected authorization controls. The most severe finding enabled adding...

Eric Woodruff, Semperis
high

Bucket Monopoly Attack on AWS Services

aws

Researchers discovered critical vulnerabilities in 6 AWS services that could allow attackers to breach accounts through malicious S3 buckets. By claiming predictable bucket names, attackers could i...

Yakir Kadkoda, Ofek Itach, ...
View all