medium

Launching EC2s did not require specifying AMI owner

Published Mon, Aug 13th, 2018
Platforms

Summary

Attackers had put malicious AMIs in the marketplace to abuse the CLI's way of selecting which AMI to use. Although the concept of planting malicious AMIs had existed for a while (e.g. in the 2009 presentation "Clobbering the clouds" by Nicholas Arvanitis, Marco Slaviero, and Haroon Meer), it had not been used specifically to target this issue with the CLI.

Affected Services

EC2

Remediation

Update the CLI and other tools that create EC2s
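
Alongside updating, existing automation can be audited for AMI lookups that do not constrain the owner. The check below is an added example, not part of the original entry or of any AWS tooling: it flags `aws ec2 describe-images` invocations that lack the AWS CLI's `--owners` option. The sample script, image name pattern, account ID and function names are constructed for illustration.

```python
import re

# Constructed sample script (not from the advisory). The account ID and
# image name pattern are placeholders.
SAMPLE_SCRIPT = r'''#!/bin/sh
AMI=$(aws ec2 describe-images \
    --filters "Name=name,Values=example-base-*" --output text)
AMI=$(aws ec2 describe-images --owners 111122223333 \
    --filters "Name=name,Values=example-base-*" --output text)
# aws ec2 describe-images in a comment is ignored
'''

DESCRIBE_IMAGES = re.compile(r"\baws\b.*?\bec2\s+describe-images\b")
OWNERS = re.compile(r"--owners[\s=]+\S")


def logical_lines(text):
    """Yield (first_line_number, command) with backslash continuations joined."""
    parts, start = [], None
    for number, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        stripped = line.strip()
        if stripped.endswith("\\"):
            parts.append(stripped[:-1].strip())
            continue
        parts.append(stripped)
        yield start, " ".join(parts)
        parts, start = [], None
    if parts:  # file ended on a continuation line
        yield start, " ".join(parts)


def find_unowned_lookups(text):
    """Return (line, command) for each describe-images call without --owners."""
    findings = []
    for number, command in logical_lines(text):
        if command.startswith("#") or not DESCRIBE_IMAGES.search(command):
            continue
        if not OWNERS.search(command):
            findings.append((number, command))
    return findings


if __name__ == "__main__":
    for number, command in find_unowned_lookups(SAMPLE_SCRIPT):
        print(f"line {number}: describe-images without --owners: {command}")
```
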

Tracked CVEs

CVE-2018-15869

References

Entry Status
Finalized
Disclosure Date
Mon, Aug 13th, 2018
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Megan Marsh