high

AWS SSM agent local privilege escalation

Published Wed, Apr 20th, 2022
Platforms

Summary

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file, which would have allowed local attackers to inject Sudo rules and escalate privileges to root. This could occur in certain situations involving a race condition.

Affected Services

SSM, EC2

Remediation

Update the agent to the patched version (3.1.1208)

Tracked CVEs

CVE-2022-29527

References

Disclosure Date
Mon, Feb 28th, 2022
Exploitablity Period
until 2022/04/05
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Matthias Gerstner, SUSE