H3-2024-0008

AWS Privilege Escalation - iam:UpdateAssumeRolePolicy

Category: SECURITY_MISCONFIGURATION
Base Score: 7.0

Description

An AWS user or role that is not an administrator was found to have the iam:UpdateAssumeRolePolicy permission. An attacker can exploit this misconfiguration by updating the role trust policy to permit themselves or another entity to assume a role, potentially escalating their access privileges within the AWS environment.

Impact

Exploiting this misconfiguration can give an attacker elevated privileges and unauthorized access to various AWS resources. This can lead to further compromise of the AWS environment.
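
The check described under Description can be triaged offline against exported policy documents. The following is an added example, not part of the original advisory: it scans one principal's identity policies for statements that allow iam:UpdateAssumeRolePolicy, including grants through wildcards and NotAction. The function names, sample policies and account ID are constructed for illustration, and the Deny handling is a simplification, not a full IAM policy evaluation.

```python
import re

TARGET = "iam:UpdateAssumeRolePolicy"

def _as_list(value):
    # IAM accepts a single value or a list for Statement/Action/Resource.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns, action=TARGET):
    # IAM action matching is case-insensitive; '*' and '?' are wildcards.
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, action, re.IGNORECASE):
            return True
    return False

def _covers(stmt):
    # True if the statement's Action or NotAction element applies to TARGET.
    if "Action" in stmt:
        return _matches(_as_list(stmt["Action"]))
    if "NotAction" in stmt:
        return not _matches(_as_list(stmt["NotAction"]))
    return False

def find_grants(policy_docs):
    # Returns the Allow statements that grant TARGET to one principal.
    # Assumption: only an unconditional Deny on Resource "*" cancels them.
    grants = []
    for doc in policy_docs:
        for stmt in _as_list(doc.get("Statement")):
            if not _covers(stmt):
                continue
            resources = _as_list(stmt.get("Resource"))
            if stmt.get("Effect") == "Deny":
                if "*" in resources and "Condition" not in stmt:
                    return []
            elif stmt.get("Effect") == "Allow":
                grants.append({"sid": stmt.get("Sid"), "resources": resources,
                               "conditional": "Condition" in stmt})
    return grants

# Constructed sample policies; 111122223333 is a placeholder account ID.
DEV = {"Statement": [{"Sid": "IamUpdates", "Effect": "Allow",
       "Action": "iam:Update*", "Resource": "arn:aws:iam::111122223333:role/*"}]}
READ_ONLY = {"Statement": {"Sid": "IamRead", "Effect": "Allow",
             "Action": ["iam:Get*", "iam:List*"], "Resource": "*"}}
GUARDRAIL = {"Statement": [{"Sid": "NoTrustEdits", "Effect": "Deny",
             "Action": "IAM:updateassumerolepolicy", "Resource": "*"}]}
```

Any statement it returns for a user or role that is not an intended administrator matches this finding; statements marked conditional need their Condition block reviewed by hand.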
