Severity
High

Non-Production AWS Endpoints as Attack Surface

Published Tue, May 28th, 2024
Platforms

Summary

Datadog Security Labs identified non-production AWS API endpoints (internal or pre-release variants of the public service endpoints) that could be abused for defense evasion: enumerating a principal's permissions without the attempts being logged, reading account data without a corresponding log record, and partially bypassing CloudTrail. AWS has remediated the specific endpoints disclosed, but endpoints of this class are numerous and thousands more may exist.

Affected Services

ECR, Cost Explorer, Route 53 Resolver, IVS

Remediation

No customer action is required; AWS has remediated the specific endpoints disclosed. Because other endpoints of this class may still exist, the detection methods below remain worth running.

Tracked CVEs

No tracked CVEs

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Tue, Jun 27th, 2023
Exploitability Period
2023/06/27 - 2024/05/27
Known ITW Exploitation
-
Detection Methods
Monitor DNS queries and outbound HTTPS connections for AWS hostnames that do not match the documented public endpoint shapes (for example, extra labels between the service name and the region). Review CloudTrail for events whose eventSource is not the usual <service>.amazonaws.com form, and for gaps where traffic to an endpoint is visible on the network but no matching CloudTrail event exists.
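The following is an added example of the detection logic described above; it is not code from the original entry or from Datadog's research. It checks queried hostnames against a simplified allowlist of documented AWS endpoint shapes (an assumption: a real deployment should build that allowlist from the published endpoint data), flags CloudTrail records whose eventSource departs from the <service>.amazonaws.com form (a heuristic, also an assumption), and reports services that appear in non-standard endpoint traffic but have no CloudTrail event at all. The DNS log lines, hostnames and CloudTrail records are constructed for illustration.

```python
"""Flag traffic to non-standard AWS endpoints and odd CloudTrail eventSource values.

Added example, not part of the original entry or of Datadog's research.
Log formats, hostnames and records below are constructed for illustration.
"""
import re

# Simplified shapes of documented public AWS endpoints (assumption: build this
# allowlist from AWS's published endpoint data in a real deployment).
REGION = r"[a-z]{2}(?:-gov|-iso[a-z]?)?-[a-z]+-\d"
STANDARD_HOST = re.compile(
    # <service>[-fips][.dualstack][.<region>].amazonaws.com  ("-fips" is
    # covered by the service character class) or <service>.<region>.api.aws
    rf"^[a-z0-9-]+(?:\.dualstack)?(?:\.{REGION})?\.amazonaws\.com$"
    rf"|^[a-z0-9-]+\.{REGION}\.api\.aws$"
)
AWS_SUFFIXES = (".amazonaws.com", ".api.aws")


def classify_host(host: str) -> str:
    """Return 'not-aws', 'standard' or 'non-standard' for a queried hostname."""
    host = host.lower().rstrip(".")
    if not host.endswith(AWS_SUFFIXES):
        return "not-aws"
    labels = host.split(".")
    # S3 virtual-hosted-style names put the bucket in front of the service
    # label; drop those leading labels so the remainder matches normally.
    if "s3" in labels[1:]:
        last_s3 = len(labels) - 1 - labels[::-1].index("s3")
        labels = labels[last_s3:]
    return "standard" if STANDARD_HOST.match(".".join(labels)) else "non-standard"


# Constructed DNS query log: "<timestamp> <client_ip> <qname>" (simplified format).
DNS_LOG = """\
2024-05-28T10:00:01Z 10.0.1.5 ecr.us-east-1.amazonaws.com
2024-05-28T10:00:02Z 10.0.1.5 mybucket.s3.us-west-2.amazonaws.com
2024-05-28T10:00:03Z 10.0.1.9 ecr.example-stage.us-east-1.amazonaws.com
2024-05-28T10:00:04Z 10.0.1.9 sts.amazonaws.com
2024-05-28T10:00:05Z 10.0.1.9 ivs.example-stage.us-east-1.amazonaws.com
2024-05-28T10:00:06Z 10.0.1.7 www.example.com
"""


def non_standard_queries(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, hostname) for every query to a non-standard AWS host."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line: skip rather than crash the scan
        _ts, client, qname = parts
        if classify_host(qname) == "non-standard":
            hits.append((client, qname))
    return hits


# Constructed CloudTrail records, reduced to the fields the checks use.
CLOUDTRAIL = [
    {"eventSource": "ecr.amazonaws.com", "eventName": "DescribeRepositories"},
    {"eventSource": "ce.amazonaws.com", "eventName": "GetCostAndUsage"},
    {"eventSource": "ecr.example-stage.amazonaws.com", "eventName": "DescribeRepositories"},
]

# Documented eventSource form is "<service>.amazonaws.com" (heuristic, assumption).
EVENT_SOURCE = re.compile(r"^[a-z0-9-]+\.amazonaws\.com$")


def odd_event_sources(records: list[dict]) -> list[dict]:
    """Records whose eventSource does not have the documented form."""
    return [r for r in records if not EVENT_SOURCE.match(r.get("eventSource", ""))]


def services_without_cloudtrail(dns_hits: list[tuple[str, str]], records: list[dict]) -> set[str]:
    """Service labels seen in non-standard endpoint traffic that produced no
    CloudTrail event at all: candidates for 'the call happened but was not logged'."""
    logged = {r.get("eventSource", "").split(".")[0] for r in records}
    return {host.split(".")[0] for _, host in dns_hits} - logged


if __name__ == "__main__":
    hits = non_standard_queries(DNS_LOG)
    for client, host in hits:
        print(f"non-standard endpoint: {client} -> {host}")
    for rec in odd_event_sources(CLOUDTRAIL):
        print(f"odd eventSource: {rec['eventSource']} ({rec['eventName']})")
    print("traffic seen but no CloudTrail events:", services_without_cloudtrail(hits, CLOUDTRAIL))
```

The service label derived from the hostname is a coarse join key; in practice the correlation should also be bounded by a time window and by the client's role or instance, since a service that is legitimately used elsewhere in the account will otherwise mask an unlogged call.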
Piercing Index Rating
-
Discovered by
Nick Frichette, Datadog Security Labs