high

Path Traversal in AWS SSM Agent Plugin ID Validation

Published Wed, Apr 9th, 2025
Platforms

Summary

A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.

Affected Services

Systems Manager (SSM), SSM Agent

Remediation

None required

Tracked CVEs

No tracked CVEs

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Wed, Feb 12th, 2025
Exploitability Period
Until 2025/03/05
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected directory creation or file execution in sensitive system areas, especially those involving the SSM Agent. Review SSM document executions for suspicious plugin IDs containing path traversal sequences.
Piercing Index Rating
-
Discovered by
Elad Beber, Cymulate
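
The review step described under Detection Methods can be automated. The following is an added example, not code from this entry or from AWS: it assumes the plugin ID corresponds to the `name` of each step in a schema 2.2 SSM document's `mainSteps`, and the pattern, function names and sample documents are constructed for illustration.

```python
import json
import re

# Assumption: a legitimate plugin ID is a plain identifier, so any path
# separator, parent-directory sequence or URL-encoded equivalent is suspicious.
PATH_LIKE = re.compile(r"\.\.|[/\\]|%2e|%2f|%5c", re.IGNORECASE)


def suspicious_plugin_ids(document):
    """Return step names in one SSM document that contain path-like sequences."""
    if isinstance(document, str):
        document = json.loads(document)
    hits = []
    for step in document.get("mainSteps", []):
        name = step.get("name", "")
        # Non-string names are malformed and reported as well.
        if not isinstance(name, str) or "\x00" in name or PATH_LIKE.search(name):
            hits.append(str(name))
    return hits


def audit(documents):
    """Map document name -> flagged step names, omitting clean documents."""
    report = {}
    for doc_name, content in documents.items():
        flagged = suspicious_plugin_ids(content)
        if flagged:
            report[doc_name] = flagged
    return report


# Constructed sample documents (not taken from a real account).
SAMPLE_DOCS = {
    "Patch-Baseline": {
        "schemaVersion": "2.2",
        "mainSteps": [
            {"action": "aws:runShellScript", "name": "installPackages",
             "inputs": {"runCommand": ["echo ok"]}},
        ],
    },
    "Unknown-Doc": json.dumps({
        "schemaVersion": "2.2",
        "mainSteps": [
            {"action": "aws:runShellScript", "name": "../../tmp/example",
             "inputs": {"runCommand": ["echo ok"]}},
        ],
    }),
}

if __name__ == "__main__":
    print(audit(SAMPLE_DOCS))
```

Feed it the document content from your own inventory or audit logs; a hit is a reason to inspect the document and the hosts it ran on, not proof of compromise.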