high

AWS EC2 Autoscaling Privilege Escalation Vulnerability

Published Tue, Feb 14th, 2023
Platforms

Summary

A privilege escalation vulnerability in Amazon EC2 Autoscaling was identified. The CreateLaunchConfiguration action lacked PassRole validation, allowing users to launch EC2 instances with unauthorized roles. AWS fixed the issue for both CreateLaunchConfiguration and CreateAutoScalingGroup actions, implementing proper PassRole validation when using the instance-id option.

Affected Services

Amazon EC2 Autoscaling

Remediation

None required. AWS has deployed fixes worldwide for both affected actions.

Tracked CVEs

No tracked CVEs

References

Entry Status
Finalized
Disclosure Date
Thu, Aug 11th, 2022
Exploitability Period
Until 2022/09/09
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected EC2 instance launches or unusual role assignments in Autoscaling groups. Review CloudTrail logs for suspicious CreateLaunchConfiguration or CreateAutoScalingGroup API calls.
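One way to put the CloudTrail review above into code, as an added example that is not part of the original entry: it walks CloudTrail records for the two Autoscaling actions named here and flags any call that uses the instance-id option (where the role is inherited from the source instance rather than stated in the request) or that names an instance profile outside an allow-list. The record layout and the `ALLOWED_PROFILES` set are assumptions; the sample records are constructed.

```python
import json

# Autoscaling API calls named in the advisory's Detection Methods.
WATCHED_EVENTS = {"CreateLaunchConfiguration", "CreateAutoScalingGroup"}


def review_autoscaling_events(records, allowed_profiles):
    """Flag watched Autoscaling calls that name an instance profile outside the
    allow-list, or that use the instanceId option, where the role is copied
    from the source instance and so never appears in the request parameters."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "autoscaling.amazonaws.com":
            continue
        name = rec.get("eventName")
        if name not in WATCHED_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        caller = rec.get("userIdentity", {}).get("arn", "unknown")
        profile = params.get("iamInstanceProfile")
        source = params.get("instanceId")
        if source:
            findings.append({"event": name, "caller": caller,
                             "reason": f"instance-id option used; role inherited from {source}"})
        if profile and profile not in allowed_profiles:
            findings.append({"event": name, "caller": caller,
                             "reason": f"instance profile not on allow-list: {profile}"})
    return findings


# Constructed sample CloudTrail records (not real telemetry), trimmed to the fields used.
SAMPLE_RECORDS = json.loads("""[
 {"eventSource": "autoscaling.amazonaws.com", "eventName": "CreateLaunchConfiguration",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deployer"},
  "requestParameters": {"launchConfigurationName": "web-lc", "iamInstanceProfile": "web-instance-profile"}},
 {"eventSource": "autoscaling.amazonaws.com", "eventName": "CreateLaunchConfiguration",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deployer"},
  "requestParameters": {"launchConfigurationName": "copied-lc", "instanceId": "i-0123456789abcdef0"}},
 {"eventSource": "autoscaling.amazonaws.com", "eventName": "CreateLaunchConfiguration",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deployer"},
  "requestParameters": {"launchConfigurationName": "ops-lc", "iamInstanceProfile": "admin-instance-profile"}},
 {"eventSource": "autoscaling.amazonaws.com", "eventName": "CreateAutoScalingGroup",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app-deployer"},
  "requestParameters": {"autoScalingGroupName": "web-asg", "launchConfigurationName": "web-lc"}}
]""")

# Assumed allow-list of instance profiles that Autoscaling is expected to use.
ALLOWED_PROFILES = {"web-instance-profile"}

if __name__ == "__main__":
    print(*review_autoscaling_events(SAMPLE_RECORDS, ALLOWED_PROFILES), sep="\n")
```

Both flagged cases still need an IAM check (does the caller hold iam:PassRole for the inherited or named role?), which this offline pass cannot answer; it narrows the CloudTrail volume down to the calls worth that check.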
Piercing Index Rating
-
Discovered by
Shubham Agrawal, FINRA