high

Security Flaw in AWS Transit Gateway Peering Attachments

Published Thu, Sep 12th, 2024

Platforms

Summary

A security flaw in AWS Transit Gateway Peering attachments allowed unauthorized acceptance of peering requests between regions. The exploit bypassed the approval step, granting potential unauthorized access to networks. AWS patched the issue on August 7, 2024, after being notified on July 25, 2024.

Affected Services

Transit Gateway

Remediation

Implement SCPs to block the AcceptTransitGatewayPeeringAttachment API call for untrusted accounts or use organization ID-based policies to secure the entire organization.

Tracked CVEs

No tracked CVEs

References

https://engineering.doit.com/aws-transit-gateway-peering-exploit-a1715edd4c8a

Contributed by https://github.com/korniko98

Entry Status

Stub (AI-Generated)

Disclosure Date

Thu, Jul 25th, 2024

Exploitablity Period

Until 2024/08/07

Known ITW Exploitation

Detection Methods

Monitor CloudTrail logs for unauthorized AcceptTransitGatewayPeeringAttachment API calls from external accounts. Implement alerts for unexpected state changes in Transit Gateway peering attachments.

Piercing Index Rating

Discovered by

James Sheard, DoiT

More vulnerabilities...

Copilot Studio information disclosure via SSRF

Tenable

Tue, Aug 20th, 2024

high

WireServing Up Credentials in Azure Kubernetes Services

A vulnerability in Azure Kubernetes Services allowed attackers to escalate privileges and access cluster credentials. Affected clusters used Azure CNI for network configuration and Azure for networ...

Nick McClendon, Daniel McNa...

Mon, Aug 19th, 2024

high

AWS Direct Connect route injection issue

A BGP-based feature of the AWS Direct Connect service allowed a third party to inject an incorrect route for an external IP, effectively hijacking AWS-sourced traffic. This resulted in connectivity...

Jamie Finnigan

Thu, Aug 15th, 2024

View all