medium

Privilege escalation in GCP OS Login

Published Wed, Mar 17th, 2021
Platforms

Summary

GCP provides an OS Login service for managing SSH access to compute instances using IAM roles. An attacker could abuse this feature via LXD, Docker (if available on the target system) and DHCP poisoning of the metadata server to escalate their privileges on a Google Compute Engine VM.

Affected Services

OS Login

Tracked CVEs

CVE-2020-8933, CVE-2020-8907, CVE-2020-8903

References

Disclosure Date
Thu, Jun 4th, 2020
Exploitablity Period
until June 2020
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Chris Moberly, null