Researchers reveal Ecscape’s flaws in Amazon ECS that allow cross-task qualification theft

August 6, 2025 | Ravi Lakshmanan | DevOps/Container Security

Cybersecurity researchers have demonstrated an “end-to-end privilege escalation chain” in Amazon Elastic Container Service (ECS) that attackers could exploit to move laterally, access sensitive data and seize control of the cloud environment.

The attack technique has been codenamed ECScape by Sweet Security researcher Naor Haziz.

“We have identified a way to exploit an undocumented ECS internal protocol to obtain AWS credentials belonging to other ECS tasks on the same EC2 instance,” Haziz said in a report shared with The Hacker News. “A malicious container with a low-privilege IAM [Identity and Access Management] role can obtain the permissions of higher-privilege containers running on the same host.”

Amazon ECS is a fully managed container orchestration service that integrates with Amazon Web Services (AWS) to enable container workloads to run in the cloud.

The weakness identified by Sweet Security is essentially a privilege escalation: a low-privilege task running on an ECS container instance can steal and hijack the IAM privileges of other tasks on the same EC2 machine.

In other words, a malicious app in an ECS cluster may assume the role of a more privileged task. This is made possible by the metadata service running at 169.254.170[.] that issues temporary credentials tied to a task’s IAM role.

This design ensures that each task retrieves only its own IAM role credentials, delivered at runtime, but a leak of the ECS agent’s identity could allow an attacker to impersonate the agent and retrieve credentials for any task on the host. The entire sequence is as follows:

  • Obtain the host’s IAM role credentials (the EC2 instance role) in order to impersonate the ECS agent.
  • Discover the ECS control plane endpoints the agent talks to and collect the identifiers the protocol requires (cluster name/ARN, agent version information, Docker version, ACS protocol version, sequence number).
  • Impersonate the agent in a request with the sendCredentials parameter set to “true”, harvesting the credentials of every running task on that instance.

“The counterfeit agent channel also remains stealthy,” Haziz said. “Our malicious session mimics the expected agent behavior: acknowledging messages, incrementing sequence numbers, sending heartbeats. Nothing is detected.”

“By posing as the agent’s upstream connection, ECScape completely subverts its trust model. One compromised container can passively collect IAM role credentials for all other tasks on the same EC2 instance and immediately act with those privileges.”

ECScape can have serious consequences when ECS tasks run on a shared EC2 host, opening the door to cross-task privilege escalation, secret exposure and abuse of the metadata service.

Following responsible disclosure, Amazon has emphasized the need for customers to adopt a stronger isolation model where applicable, and has made clear in its documentation that the EC2 launch type does not provide task isolation and that “containers may have access to credentials for other tasks on the same container instance.”

As mitigations, the researchers recommend not deploying high-privilege tasks alongside untrusted or low-privilege tasks on the same instance, using AWS Fargate for true isolation, disabling or restricting Instance Metadata Service (IMDS) access for tasks, restricting the ECS agent’s permissions, and setting up CloudTrail alerts.
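The first of those mitigations is checkable from inventory data. The example below is added here and is not code from the article or from Sweet Security: it flags EC2-backed container instances that co-host tasks with different task roles, the situation in which one task’s credentials are reachable by its neighbours. The task records, ARNs and function names are constructed for the example.

```python
from collections import defaultdict

# Constructed sample records (not real ARNs or account data). In a real account
# the same shape would be built from ecs:ListTasks / ecs:DescribeTasks plus the
# task definition (the task role comes from the task definition, or from
# overrides.taskRoleArn when an override is set).
SAMPLE_TASKS = [
    {"task": "t-web-1",   "instance": "ci-aaa", "launch_type": "EC2",
     "task_role": "arn:aws:iam::123456789012:role/web-frontend"},
    {"task": "t-web-2",   "instance": "ci-aaa", "launch_type": "EC2",
     "task_role": "arn:aws:iam::123456789012:role/web-frontend"},
    {"task": "t-billing", "instance": "ci-aaa", "launch_type": "EC2",
     "task_role": "arn:aws:iam::123456789012:role/billing-admin"},
    {"task": "t-batch",   "instance": "ci-bbb", "launch_type": "EC2",
     "task_role": "arn:aws:iam::123456789012:role/batch-worker"},
    {"task": "t-fg",      "instance": None,     "launch_type": "FARGATE",
     "task_role": "arn:aws:iam::123456789012:role/billing-admin"},
]


def find_mixed_role_hosts(tasks):
    """Return {container_instance: sorted distinct task roles} for every EC2
    container instance hosting tasks with more than one task role. Per the
    write-up above, any task on such a host could reach the credentials of
    the others. Fargate tasks are skipped: each runs on an isolated host."""
    roles_by_host = defaultdict(set)
    for t in tasks:
        if t["launch_type"] != "EC2" or not t["instance"]:
            continue
        # A task without a task role still shares the host; record it as such.
        roles_by_host[t["instance"]].add(t["task_role"] or "<no task role>")
    return {host: sorted(roles) for host, roles in roles_by_host.items()
            if len(roles) > 1}


def exposed_roles(tasks, privileged_roles):
    """Privileged roles that share an EC2 host with some other role, i.e. the
    roles a lower-privilege neighbour could obtain in this scenario."""
    exposed = set()
    for roles in find_mixed_role_hosts(tasks).values():
        exposed.update(r for r in roles if r in privileged_roles)
    return sorted(exposed)


if __name__ == "__main__":
    for host, roles in find_mixed_role_hosts(SAMPLE_TASKS).items():
        print(f"{host}: tasks with different task roles share this host: {roles}")
```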

“The core lesson is that each container must be treated as potentially compromised and its blast radius strictly constrained,” Haziz said. “While AWS’s handy abstractions (task roles, metadata services, etc.) make life easier for developers, when multiple tasks at different privilege levels share the underlying host, security is only as strong as the mechanisms that separate them.”

This development follows several cloud-related security weaknesses reported in recent weeks:

  • A race condition in the GitHub integration of Google Cloud Build that could allow an attacker to bypass a maintainer’s review of the “/gcbrun” command.
  • A remote code execution vulnerability in the Oracle Cloud Infrastructure (OCI) Code Editor that could allow an attacker to pivot via the victim’s Cloud Shell environment through a drive-by attack, in which the victim visits a malicious HTML page hosted on an attacker-controlled server.
  • An attack technique called I SPy that abuses Microsoft first-party application service principals (SPs) in Entra ID for persistence and privilege escalation via federated authentication.
  • A weakness that allows arbitrary code to run within an Azure Machine Learning (AML) pipeline, extract secrets from Azure Key Vaults, escalate privileges and gain broader access to cloud resources.
  • Legacy … (the remainder of this item is missing from the source)
  • A vulnerability in Gerrit called GerriScary, which allowed fraudulent code submissions to at least 18 Google projects, including ChromiumOS (CVE-2025-1568, CVSS score: 8.8), Chromium, Dart and Bazel.
  • A misconfiguration of the Google Cloud Platform that exposed the subnet used for member exchanges at Internet Exchange Points (IXPs), allowing attackers to potentially exploit Google’s cloud infrastructure to gain unauthorized access to internal IXP LANs.
  • A Google Cloud privilege escalation vulnerability whose technique can be adapted to other cloud platforms such as AWS and Azure, using AWS Lambda and Azure Functions, respectively.

“The most effective mitigation strategy to protect the environment from the actions of similar threat actors is to ensure all SAs [service accounts] in a cloud environment follow the principle of least privilege, and that legacy cloud SAs are no longer used,” Talos said. “If legacy SAs are present, replace them with least-privilege SAs.”
