H3-2024-0043
AWS Privilege Escalation via iam:PassRole and cloudformation:CreateStack
| Category | CREDENTIALS |
| Base Score | 5.0 |
Description
A security weakness was identified where a principal holding both the 'iam:PassRole' and 'cloudformation:CreateStack' permissions can pass a more privileged IAM role to a new AWS CloudFormation stack. The user can then define resources in the stack template that run under the passed role and inherit its permissions, performing actions that their own identity would not normally be allowed to perform.
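The condition described above is a static property of an identity's IAM policies: an Allow for `cloudformation:CreateStack` next to an Allow for `iam:PassRole` whose Resource is a wildcard role and which carries no `iam:PassedToService` condition. The following script, added here as an example and not part of the advisory or any AWS tooling, embeds two constructed policy documents (a weak one with unscoped PassRole and a hardened one that limits PassRole to a single deployment role passed only to the CloudFormation service) and flags the weak combination. The account id and role names in the sample policies are placeholders.

```python
import fnmatch
import json

# Constructed sample policies (placeholders, not from the advisory).
# WEAK_POLICY grants unscoped iam:PassRole alongside cloudformation:CreateStack,
# the combination the advisory describes. HARDENED_POLICY scopes PassRole to one
# role ARN and to the CloudFormation service principal only.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["cloudformation:CreateStack", "cloudformation:DescribeStacks"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"},
    ],
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["cloudformation:CreateStack", "cloudformation:DescribeStacks"],
         "Resource": "arn:aws:cloudformation:us-east-1:123456789012:stack/app-*/*"},
        {"Effect": "Allow",
         "Action": "iam:PassRole",
         # Placeholder account id and least-privilege deployment role name.
         "Resource": "arn:aws:iam::123456789012:role/cfn-deploy-role",
         "Condition": {"StringEquals": {"iam:PassedToService": "cloudformation.amazonaws.com"}}},
    ],
})


def _as_list(value):
    """IAM accepts either a string or a list for Action/Resource fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action matching is case-insensitive and supports '*' and '?'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def allowing_statements(policy, action):
    """Yield Allow statements whose Action (or NotAction) covers `action`."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    for stmt in _as_list(doc.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # NotAction allows everything except the listed patterns.
            if not any(_action_matches(p, action) for p in _as_list(stmt["NotAction"])):
                yield stmt
        elif any(_action_matches(p, action) for p in _as_list(stmt.get("Action"))):
            yield stmt


def passrole_is_broad(stmt):
    """PassRole is 'broad' when it covers a wildcard set of roles and no
    iam:PassedToService condition limits which service may receive the role."""
    if "NotResource" in stmt:
        return True
    resources = _as_list(stmt.get("Resource", "*"))
    wildcard_role = any(r == "*" or r.endswith(":role/*") for r in resources)
    conditions = stmt.get("Condition", {})
    scoped_to_service = any(
        key.lower() == "iam:passedtoservice"
        for operator_block in conditions.values()
        for key in operator_block
    )
    return wildcard_role and not scoped_to_service


def find_cfn_passrole_escalation(policy):
    """Return findings for the PassRole + CreateStack combination.

    An empty list means the policy does not grant the combination broadly."""
    if not list(allowing_statements(policy, "cloudformation:CreateStack")):
        return []
    findings = []
    for stmt in allowing_statements(policy, "iam:PassRole"):
        if passrole_is_broad(stmt):
            findings.append({
                "issue": "iam:PassRole on wildcard role without iam:PassedToService "
                         "condition, alongside cloudformation:CreateStack",
                "resource": _as_list(stmt.get("Resource", "*")),
            })
    return findings


if __name__ == "__main__":
    for name, pol in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, json.dumps(find_cfn_passrole_escalation(pol), indent=2))
```

The check is deliberately a single-document static scan: it does not evaluate Deny statements from other attached policies, permission boundaries or SCPs, so it is a triage aid for reviewing policies pulled from an account, not a substitute for the IAM policy simulator. The hardened policy shows the two mitigations a reviewer would ask for: PassRole restricted to the specific role CloudFormation needs, and an `iam:PassedToService` condition so the role cannot be passed to any other service.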
Impact
The impact of exploiting this weakness can be severe: an attacker could gain unauthorized control over additional AWS resources and execute operations with elevated privileges, potentially compromising the entire AWS environment.