AWS Modify Instance Attribute
Description
Detects IAM policies that allow broad permissions to modify EC2 instance attributes across all AWS resources. This is a security risk because it could enable unauthorized changes to critical EC2 instance configurations, such as instance types, user data, or security groups, without proper restrictions.
Detection Strategy
• Checks IAM policies attached to IAM users, roles, or groups
• Identifies policy statements that have Effect: Allow
• Looks for EC2 instance attribute modification actions (e.g., ModifyInstanceAttribute)
• Verifies if the Resource field is set to '*' (all resources)
• Reports a vulnerability when all these conditions are met, indicating overly permissive EC2 modification rights
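The check described above, written out as an added example (not Fluid Attacks' own rule code): it evaluates an IAM policy document and reports the statements that Allow ec2:ModifyInstanceAttribute on Resource '*'. It goes slightly beyond the bullets by also treating action wildcards such as ec2:* or * as a match; the two policy documents, the account ID and the instance ID are constructed sample data.

```python
import fnmatch
import json

# Constructed sample policies: the first has the overly permissive shape the
# rule flags, the second scopes the same action down to one instance ARN.
PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:DescribeInstances", "ec2:ModifyInstanceAttribute"],
        "Resource": "*"
    }]
})

SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "ec2:ModifyInstanceAttribute",
        "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
    }]
})

TARGET_ACTION = "ec2:ModifyInstanceAttribute"


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """IAM action names are case-insensitive and may carry '*' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def find_broad_modify_statements(policy_json):
    """Return the indices of statements that Allow ec2:ModifyInstanceAttribute
    (directly or via a wildcard such as ec2:* or *) with Resource set to '*'.
    Statements that use NotAction instead of Action are skipped here."""
    doc = json.loads(policy_json)
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        allows_modify = any(_action_matches(a, TARGET_ACTION) for a in _as_list(stmt["Action"]))
        on_everything = "*" in _as_list(stmt.get("Resource", []))
        if allows_modify and on_everything:
            findings.append(idx)
    return findings
```

Run the function over each policy document attached to your users, roles and groups; a non-empty result is a finding, and the remediation is to narrow Resource to specific instance ARNs as in SCOPED_POLICY.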