medium

DHCP abuse for code exec

Published Fri, Jun 25th, 2021

Platforms

Summary

Under certain conditions, an attacker can flood DHCP packets to the victim VM, allowing it to impersonate the Metadata server, and grant themselves SSH access.

Affected Services

N/A

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://github.com/irsl/gcp-dhcp-takeover-code-exec

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Sat, Sep 26th, 2020

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Imre Rad

More vulnerabilities...

high

Privilege escalation on Dialogflow cloud platform

A privilege escalation vulnerability was discovered in Google's Dialogflow cloud platform. When downgrading a user's role from Developer to Reviewer, the permissions were not properly updated, allo...

lalkaJun 13, 2021

low

Elastic Beanstalk - XSS in Web Console

An adversary could gain access to IAM credentials in a victim's account, and make an API request to Elastic Beanstalk (even if they didn't have the proper IAM permissions). This request would be di...

Nick FrichetteJun 3, 2021

critical

OMIGOD

Azure forces the install of an agent on Linux VMs, which contained a vulnerability that would grant root RCE if an attacker could send a web request to them. Initially, Microsoft did not update the...

Nir Ohfeld, WizJun 1, 2021

View all