Discovery of AWS Default IAM Roles Facilitating Lateral Movement and Cross-Service Exploitation


Cybersecurity researchers have uncovered significant vulnerabilities within the default identity and access management (IAM) roles associated with Amazon Web Services (AWS), which could enable attackers to escalate privileges, manipulate other AWS services, or even gain full control of AWS accounts.

These roles, typically created automatically or suggested during initial setup, may grant excessive permissions, such as universal access to S3, according to experts from Aqua. The researchers emphasize that these default roles introduce unmonitored attack vectors, facilitating privilege escalation and cross-service access, ultimately leading to potential account compromise.

The cloud security firm identified critical security concerns related to default IAM roles generated by various AWS services, including SageMaker, Glue, EMR, and Lightsail. A similar shortcoming has been identified in the widely utilized open-source framework Ray, which automatically establishes a default IAM role (ray-autoscaler-v1) with the AmazonS3FullAccess policy.

What is particularly alarming is the nature of these IAM roles; although designed for specific functions, they can be exploited to perform administrative tasks, breaking down the isolation barriers between services. This could empower an attacker with a foothold in the environment to traverse laterally across different AWS services.

These attack methods extend beyond traditional Bucket Monopoly attacks, in which a threat actor exploits predictable S3 bucket naming conventions to create buckets in AWS regions the victim has not yet used. When a legitimate user later activates a service such as CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, or CodeStar in that region, the service writes into the attacker-controlled bucket, giving the attacker control over its contents.

An attacker who gains access to a default service role with AmazonS3FullAccess can locate and manipulate S3 buckets utilized by other services based on predictable naming patterns. This grants them the ability to alter assets, such as CloudFormation templates and EMR scripts, thus allowing for lateral movement across services within the AWS account.

An IAM role with AmazonS3FullAccess permissions inherently possesses read/write access to all S3 buckets and can modify various AWS services. This effectively transforms the role into a potent mechanism for privilege escalation and lateral movement within the environment.

The following AWS services were found to create default roles with permissive IAM policies:

Amazon SageMaker AI: Creates a default execution role named AmazonSageMaker-ExecutionRole-, which includes a policy comparable to AmazonS3FullAccess.
AWS Glue: Generates a default AWSGlueServiceRole that incorporates the AmazonS3FullAccess policy.
Amazon EMR: Establishes a default AmazonEMRStudioRuntimeRole role with AmazonS3FullAccess permissions.

In a potential attack scenario, a malicious actor could upload a harmful machine learning model to Hugging Face, which, when imported into SageMaker, results in the execution of arbitrary code. This could potentially allow them to take control of other AWS services, such as Glue, by injecting backdoors to steal IAM credentials from Glue jobs.

This adversary could further escalate privileges within the account, compromising the entire AWS environment by targeting CloudFormation buckets and injecting malevolent templates to enhance their capabilities.

In response to these findings, AWS has taken corrective measures by adjusting the AmazonS3FullAccess policy applied to default service roles. Security experts emphasize the importance of closely scoping default service roles and restricting them to the necessary resources and actions. Organizations are advised to conduct proactive audits and modify existing roles to mitigate risks, rather than relying solely on default configurations.
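The audit the researchers recommend can be automated. The following example is added here and is not Aqua's or AWS's code; it works over a constructed in-memory inventory of roles and attached managed policies shaped like the output of boto3's iam.list_attached_role_policies (role names, the sample account ID and the bucket names are constructed), flags roles carrying AmazonS3FullAccess, detects inline policies that are equivalent to it (s3:* on Resource *), and builds the scoped-down replacement policy that limits a role to named buckets.

```python
"""Audit IAM roles for AmazonS3FullAccess-equivalent access and build a scoped replacement.

Added example, not Aqua's or AWS's code. SAMPLE_ROLE_POLICIES is a constructed
inventory in the shape of boto3 iam.list_attached_role_policies() output;
swap in real calls (iam.list_roles, iam.list_attached_role_policies,
iam.get_role_policy) to run it against an account.
"""
import json

# The managed policy the article identifies as over-broad for a service role.
OVERLY_BROAD_POLICIES = {"arn:aws:iam::aws:policy/AmazonS3FullAccess"}

# Constructed sample inventory: role name -> attached managed-policy ARNs.
# The account ID 123456789012 and the custom policy name are placeholders.
SAMPLE_ROLE_POLICIES = {
    "AWSGlueServiceRole": [
        "arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole",
        "arn:aws:iam::aws:policy/AmazonS3FullAccess",
    ],
    "AmazonEMRStudioRuntimeRole": ["arn:aws:iam::aws:policy/AmazonS3FullAccess"],
    "ray-autoscaler-v1": ["arn:aws:iam::aws:policy/AmazonS3FullAccess"],
    "scoped-reporting-role": ["arn:aws:iam::123456789012:policy/reports-bucket-rw"],
}

# Constructed inline policy with the same effect as AmazonS3FullAccess.
FULL_S3_INLINE_DOC = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"}],
}


def find_overly_broad_roles(role_policies):
    """Return sorted role names that have any OVERLY_BROAD_POLICIES ARN attached."""
    return sorted(
        role for role, arns in role_policies.items()
        if OVERLY_BROAD_POLICIES.intersection(arns)
    )


def _as_list(value):
    """IAM policy fields may be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])


def grants_full_s3(policy_doc):
    """True if an Allow statement grants s3:* (or *) on every resource, i.e. AmazonS3FullAccess-equivalent."""
    for stmt in policy_doc.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if any(a in ("*", "s3:*") for a in actions) and "*" in resources:
            return True
    return False


def scoped_s3_policy(bucket_names, read_only=False):
    """Build a least-privilege replacement limited to the named buckets (no wildcard resource)."""
    object_actions = ["s3:GetObject"] if read_only else ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListNamedBuckets",
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{b}" for b in bucket_names],
            },
            {
                "Sid": "ObjectAccessInNamedBuckets",
                "Effect": "Allow",
                "Action": object_actions,
                "Resource": [f"arn:aws:s3:::{b}/*" for b in bucket_names],
            },
        ],
    }


if __name__ == "__main__":
    for role in find_overly_broad_roles(SAMPLE_ROLE_POLICIES):
        print(f"FLAG: {role} has AmazonS3FullAccess attached")
    print("inline doc is full-S3 equivalent:", grants_full_s3(FULL_S3_INLINE_DOC))
    print(json.dumps(scoped_s3_policy(["glue-scripts-placeholder"]), indent=2))
```

The scoped policy still grants ListBucket plus object read/write, which is what an ETL or notebook role usually needs, but only on buckets named explicitly, so the predictable-bucket-name lateral movement described above no longer works through that role.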

In a related development, Varonis has reported a vulnerability in a utility for mounting Azure Storage that is used within Microsoft Azure AI and High-Performance Computing (HPC) workloads. The vulnerability allows a non-privileged user on a Linux system where the utility is installed to escalate privileges to root.

This issue involves a typical privilege escalation approach via a SUID binary embedded in the AZNFS-mount utility used for connecting to Azure Storage Account NFS endpoints. Under certain circumstances, an individual could exploit this vulnerability to elevate permission levels to root, thereby granting access to additional Azure Storage containers and laying the groundwork for deploying malware or ransomware within the system, ultimately facilitating lateral movement across network or cloud infrastructures.

The flaw, affecting all versions of the utility prior to 2.0.10, has been addressed in the release of version 2.0.11 on January 30, 2025.
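Two defensive checks follow from this report: inventory the setuid binaries on a host, and confirm the installed utility is at or above the fixed release. The example below is added here and is not Varonis's or Microsoft's code; it scans a directory tree for files with the setuid bit and compares a version string against 2.0.11. The directory layout and file name it builds for the demonstration are constructed placeholders, not the utility's real install path.

```python
"""Setuid-binary inventory and fixed-version check for a host-level privilege-escalation advisory.

Added example, not Varonis's or Microsoft's code. The demo tree below is
constructed; point find_setuid_binaries() at a real root (e.g. "/usr") to
inventory an actual host.
"""
import os
import re
import stat
import tempfile

# Release that carries the fix according to the advisory.
FIXED_VERSION = (2, 0, 11)


def parse_version(text):
    """Turn 'v2.0.9' / '2.0.11' into a comparable (major, minor, patch) tuple."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def needs_update(installed):
    """True when the installed release is older than the fixed release."""
    return parse_version(installed) < FIXED_VERSION


def find_setuid_binaries(root):
    """Walk root and return sorted relative paths of regular files with the setuid bit set."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo_scan():
    """Build a constructed tree with one setuid file and one ordinary file, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "opt", "placeholder-mount-util", "bin")
        os.makedirs(bin_dir)
        suid_path = os.path.join(bin_dir, "mount-helper")  # constructed name
        plain_path = os.path.join(bin_dir, "README")
        for path in (suid_path, plain_path):
            with open(path, "w") as fh:
                fh.write("placeholder\n")
        os.chmod(suid_path, 0o4755)  # owner rwx + setuid, like a privileged mount helper
        os.chmod(plain_path, 0o644)
        return find_setuid_binaries(root)


if __name__ == "__main__":
    print("setuid files in demo tree:", demo_scan())
    for version in ("2.0.9", "2.0.10", "2.0.11"):
        print(version, "needs update" if needs_update(version) else "ok")
```

In practice the setuid inventory is taken once as a baseline and diffed on each run; a new setuid file appearing under a mount-helper package, or a version below the fixed release, is the signal to patch.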