
Cybersecurity researchers have discovered risky default identity and access management (IAM) roles in Amazon Web Services (AWS) that could allow an attacker to escalate privileges, manipulate other AWS services and, in some cases, compromise the AWS account completely.
“These roles are often created or recommended automatically during setup, and grant excessively broad permissions, including full S3 access,” Aqua researchers Yakir Kadkoda and Ofek Itach said in their analysis. “These default roles quietly introduce attack paths that allow privilege escalation, cross-service access and even potential account compromise.”
The cloud security company said it identified security issues with default IAM roles created by AWS services such as SageMaker, Glue, EMR and Lightsail. A similar flaw was also found in Ray, a popular open-source framework, which automatically creates a default IAM role (ray-autoscaler-v1) with the AmazonS3FullAccess policy attached.

What makes these IAM roles a concern is that, although each is intended for one specific purpose, an attacker who abuses one can break the isolation boundaries between services and, once holding a foothold in the environment, move laterally across services.
These attacks go beyond the earlier Bucket Monopoly attacks, in which a threat actor uses predictable S3 bucket naming patterns to pre-create buckets in AWS regions a victim has not used yet, so that when the legitimate customer later enables services such as CloudFormation, Glue, EMR, SageMaker, Service Catalog or CodeStar in that region, the attacker ends up controlling the bucket contents those services rely on.
“In this case, attackers who gain access to a default service role with AmazonS3FullAccess don't even have to remotely guess the bucket name,” the researchers explained.
“They can use their existing privileges to search the account for buckets used by other services based on naming patterns, modify assets such as CloudFormation templates, EMR scripts and SageMaker resources, and move laterally across services within the same AWS account.”
Put another way, an IAM role in an AWS account that carries the AmazonS3FullAccess policy has read/write access to every S3 bucket in that account, and with it the ability to modify the assets of various AWS services, effectively turning the role into a powerful vector for lateral movement and privilege escalation.

Some of the services identified as using the overly permissive policy are listed below –
- Amazon SageMaker - creates a default execution role named AmazonSageMaker-ExecutionRole when you configure a SageMaker domain, with a custom policy equivalent to AmazonS3FullAccess
- AWS Glue - creates a default service role with the AmazonS3FullAccess policy attached
- Amazon EMR - creates a default role with the AmazonS3FullAccess policy attached
In a hypothetical attack scenario, a threat actor could upload a malicious machine learning model to Hugging Face that executes arbitrary code when it is imported into SageMaker.
The adversary could then escalate privileges within the account and ultimately compromise the entire AWS environment by searching for buckets used by CloudFormation and injecting malicious templates to escalate privileges further.
In response to the disclosure, AWS addressed the issue by modifying the AmazonS3FullAccess policy for the affected default service roles.

“Default service roles must be tightly scoped and strictly restricted to the specific resources and actions they require,” the researchers said. “Instead of relying on default configurations, organizations need to proactively audit and update existing roles to minimize risk.”
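The audit the researchers recommend can be automated. The script below is an added example written for this page, not Aqua's or AWS's tooling: it walks a structure shaped like the output of `aws iam get-account-authorization-details` (a `RoleDetailList` whose entries carry `AttachedManagedPolicies` and inline `RolePolicyList` documents) and flags any role that either has the AmazonS3FullAccess managed policy attached or carries an inline policy equivalent to it (an unconditional Allow of `s3:*` on every resource, the SageMaker case above). The role names and policy documents in `SAMPLE` are constructed, not taken from a real account; the third role shows the scoped-down form that passes the check.

```python
"""Audit IAM roles for AmazonS3FullAccess or an equivalent inline grant.

Added example for this page (not Aqua's or AWS's code). Runs offline on a
constructed snippet shaped like `aws iam get-account-authorization-details`.
"""
import json

# Real ARN of the AWS managed policy in the standard "aws" partition.
S3_FULL_ACCESS_ARN = "arn:aws:iam::aws:policy/AmazonS3FullAccess"


def _as_list(value):
    """IAM policy documents allow a bare string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _grants_all_s3(statement):
    """True if one Allow statement grants every S3 action on every resource.

    AmazonS3FullAccess is "Allow s3:* on *". An inline statement is treated as
    equivalent when it allows "s3:*" (or "*") on "*" (or the S3 ARN wildcard)
    and carries no Condition that would narrow it.
    """
    if statement.get("Effect") != "Allow" or statement.get("Condition"):
        return False
    actions = {a.lower() for a in _as_list(statement.get("Action"))}
    resources = set(_as_list(statement.get("Resource")))
    broad_action = "s3:*" in actions or "*" in actions
    broad_resource = "*" in resources or "arn:aws:s3:::*" in resources
    return broad_action and broad_resource


def audit_roles(auth_details):
    """Return {role_name: [reason, ...]} for every role with full S3 access."""
    findings = {}
    for role in auth_details.get("RoleDetailList", []):
        reasons = []
        for managed in role.get("AttachedManagedPolicies", []):
            if managed.get("PolicyArn") == S3_FULL_ACCESS_ARN:
                reasons.append("managed policy AmazonS3FullAccess attached")
        for inline in role.get("RolePolicyList", []):
            doc = inline.get("PolicyDocument", {})
            for stmt in _as_list(doc.get("Statement")):
                if _grants_all_s3(stmt):
                    reasons.append(f"inline policy {inline['PolicyName']} grants s3:* on *")
        if reasons:
            findings[role["RoleName"]] = reasons
    return findings


# Constructed sample in the shape of get-account-authorization-details output.
# Role names and policies are invented for illustration only.
SAMPLE = {
    "RoleDetailList": [
        {   # default-style service role with the managed policy attached
            "RoleName": "sample-glue-service-role",
            "AttachedManagedPolicies": [{"PolicyName": "AmazonS3FullAccess",
                                         "PolicyArn": S3_FULL_ACCESS_ARN}],
            "RolePolicyList": [],
        },
        {   # execution role whose custom inline policy is equivalent to AmazonS3FullAccess
            "RoleName": "sample-sagemaker-execution-role",
            "AttachedManagedPolicies": [],
            "RolePolicyList": [{"PolicyName": "CustomS3Full", "PolicyDocument": {
                "Version": "2012-10-17",
                "Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}}],
        },
        {   # the tightly scoped alternative: one bucket, only the actions needed
            "RoleName": "sample-scoped-pipeline-role",
            "AttachedManagedPolicies": [],
            "RolePolicyList": [{"PolicyName": "ArtifactBucketOnly", "PolicyDocument": {
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow",
                               "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                               "Resource": ["arn:aws:s3:::example-ml-artifacts",
                                            "arn:aws:s3:::example-ml-artifacts/*"]}]}}],
        },
    ]
}

if __name__ == "__main__":
    # Against a real account: pipe `aws iam get-account-authorization-details`
    # into json.load() and pass the result instead of SAMPLE.
    print(json.dumps(audit_roles(SAMPLE), indent=2))
```

Only the first two sample roles are reported; the scoped role, which names one bucket and three actions, is exactly the shape the researchers recommend. Remember that `get-account-authorization-details` returns inline documents URL-encoded in raw API responses; the CLI decodes them, which is the form this checker expects.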
The findings follow the disclosure of a vulnerability in a utility for mounting Azure storage that comes preinstalled on Microsoft Azure AI and High Performance Computing (HPC) workloads, which allows an unprivileged user on an affected Linux machine to escalate privileges to root.

“This includes classic privilege escalation methods involving SUID binaries that are part of the installation of AZNFS-mount, a utility for mounting Azure storage account NFS endpoints,” said security researcher Tal Peleg.
“For example, a user could use those permissions to mount additional Azure storage containers, install malware or ransomware on the machine, and use the permissions to attempt lateral movement within the network or cloud environment.”
The flaw affects all versions of the utility up to 2.0.10 and was addressed in version 2.0.11, released on January 30, 2025.