low

Route table modification to imitate metadata service

Published Mon, Oct 19th, 2020
Platforms

Summary

An attacker with sufficient privileges in AWS to modify the route table, along with some other EC2 privileges, could pretend to be a metadata server and provide an attacker-controlled boot-up script to EC2 instances in order to move laterally.

Affected Services

N/A

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Disclosure Date
Mon, Oct 19th, 2020
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Ryan Gerstenkorn