Researchers from Aqua identified critical vulnerabilities in six Amazon Web Services (AWS): CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar.
These vulnerabilities varied in severity, potentially allowing remote code execution, full-service user takeover, AI module manipulation, data exposure, data exfiltration, and denial of service (DoS) attacks. The vulnerabilities could have affected any organization using these services globally.
The research introduced two significant attack vectors: the “Shadow Resource” and “Bucket Monopoly” techniques.
These vectors exploit automatically generated AWS resources, such as S3 buckets, created without explicit user instructions. Attackers could leverage these vectors to execute code, steal data, or take over user accounts.
Timeline of Discovery and Mitigation:
- February 16, 2024: Vulnerabilities in CloudFormation, Glue, EMR, SageMaker, and CodeStar were reported to AWS.
- February 18, 2024: A vulnerability in ServiceCatalog was reported.
- March 16-25, 2024: AWS confirmed fixes for vulnerabilities in CloudFormation, EMR, Glue, and SageMaker.
- April 30, 2024: A report indicated that the CloudFormation fix left users vulnerable to a DoS attack.
- May 7, 2024: AWS announced they were working on a fix for the CloudFormation issue.
- June 26, 2024: AWS confirmed fixes for ServiceCatalog and CloudFormation vulnerabilities.
- August 2024: The research was presented at Black Hat USA and DEF CON 32.
Technical Details
Shadow resources are automatically generated by AWS services, often without user awareness. For example, CloudFormation creates an S3 bucket with a predictable naming pattern when creating a new stack.
Here are the short vulnerability details for each service in a single line:
- CloudFormation: Allows an attacker to execute code, manipulate or steal data, and gain full control over a victim’s account by claiming a predictable S3 bucket name.
- Glue: Enables an attacker to inject code into a victim’s Glue job, resulting in remote code execution (RCE) and potential takeover of the victim’s account.
- EMR: Listed among the affected services; no further details are given in this summary.
- SageMaker: Listed among the affected services; no further details are given in this summary.
- ServiceCatalog: Listed among the affected services; no further details are given in this summary.
- CodeStar: Considered addressed since new customers are no longer allowed to create projects, as the service is planned for deprecation in July 2024.
According to Aqua's research, attackers could exploit this predictable naming by preemptively creating the buckets in regions the victim has not yet used, leading to potential data manipulation or account takeover.
The Bucket Monopoly technique takes this further: the attacker claims the predictable bucket name in every region where it is still unclaimed, increasing the likelihood of intercepting a victim's interactions with these buckets. This could lead to severe outcomes, such as complete account compromise.
AWS responded promptly to the reported vulnerabilities, implementing fixes to prevent attackers from exploiting these vectors. For instance, AWS now adds random sequences to bucket names if a bucket already exists or prompts users to choose a new name. CodeStar’s issue was addressed as the service is planned for deprecation in July 2024.
AWS Glue Vulnerability Allows Remote Code Execution
Researchers have discovered a critical vulnerability in AWS Glue, a service used to automate ETL processes. When a user creates a job using the Visual ETL tool, an S3 bucket is automatically created to store Glue jobs, primarily Python scripts executed by Glue.
The bucket’s name is predictable, with a constant prefix followed by the account ID and region. An attacker who knows the AWS account ID can create this bucket in any region and wait for the victim to use Glue ETL, which will cause the victim’s Glue service to write files to the attacker-controlled bucket.
To exploit this vulnerability, an attacker must claim the predictable S3 bucket, define a permissive resource-based policy, and allow public access to the bucket.
They would also need to define a Lambda function that injects code into any file dropped into the bucket. This vulnerability allows an attacker to inject any code into the victim’s Glue job, resulting in remote code execution (RCE).
In some scenarios, it is also possible to create other resources in the victim’s account or an admin role that could be assumed by the attacker, depending on the role the victim granted to the Glue job.
Mitigation
- Implement Scoped Policies: Use the aws:ResourceAccount condition in policies to ensure that only trusted accounts can access your resources.
- Verify Bucket Ownership: Regularly check the ownership of S3 buckets using predictable patterns to ensure they belong to your account.
- Unique Bucket Naming: Avoid predictable bucket names; instead, use unique hashes or random identifiers for each region and account.
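The ownership check above can be automated. The following script, an added example that is not Aqua's or AWS's code, expands a service's predictable bucket pattern (the Glue pattern described earlier is constant prefix + account ID + region; the real prefix is not reproduced, so a placeholder template is assumed) for each region and asks S3, via HeadBucket with ExpectedBucketOwner, whether the bucket exists and whether this account owns it. The region list is a constructed subset.

```python
"""Audit predictable ("shadow") S3 bucket names across regions: a bucket that
exists under our account-derived name but is not ours is the Bucket Monopoly
condition described above."""

# Constructed subset; in production take the full list from ec2:DescribeRegions
# so no unused region is skipped.
SAMPLE_REGIONS = ["us-east-1", "eu-west-1", "ap-southeast-2"]

# Placeholder template: the real service prefix is not reproduced here.
DEFAULT_TEMPLATE = "PLACEHOLDER-PREFIX-{account_id}-{region}"


def predictable_names(account_id, regions, template=DEFAULT_TEMPLATE):
    """Expand the naming pattern into {region: bucket_name}."""
    return {r: template.format(account_id=account_id, region=r) for r in regions}


def classify(http_status, error_code):
    """Map a HeadBucket outcome to a defender-facing state.
    200: we own it. 404: nobody has claimed it yet. 403: it exists but the
    owner is not us (ExpectedBucketOwner mismatch) or access was denied;
    that is the case to alert on, since another account sits on our name."""
    if http_status == 200:
        return "owned"
    if error_code in ("404", "NoSuchBucket", "NotFound"):
        return "unclaimed"
    if error_code in ("403", "AccessDenied", "Forbidden"):
        return "foreign_or_denied"
    return "error"


def audit(account_id, regions=SAMPLE_REGIONS, template=DEFAULT_TEMPLATE):
    """HeadBucket each predicted name with ExpectedBucketOwner set to us."""
    import boto3  # lazy import so the pure helpers run without AWS access
    from botocore.exceptions import ClientError

    s3 = boto3.client("s3")
    report = []
    for region, bucket in predictable_names(account_id, regions, template).items():
        try:
            s3.head_bucket(Bucket=bucket, ExpectedBucketOwner=account_id)
            state = classify(200, None)
        except ClientError as err:
            state = classify(None, err.response["Error"]["Code"])
        report.append((region, bucket, state))
    return report


def findings(report):
    """Rows a SOC should review: our predictable name held by another owner."""
    return [row for row in report if row[2] == "foreign_or_denied"]
```

Run audit("<your-account-id>") with credentials that allow s3:ListBucket on the names in question; "unclaimed" rows are regions where the pattern has not yet been instantiated, and "foreign_or_denied" rows warrant investigation.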
While AWS has mitigated the vulnerabilities in the affected services, similar attack vectors may still exist in other AWS services or open-source projects. Organizations should follow best practices and implement recommended mitigations to protect against such threats.