
031 Excessive privileges - AWS


Description

The application, a user or a role has more privileges than it requires (for example, an IAM policy that allows wildcard actions such as s3:* or that applies to Resource "*"). An attacker who obtains the credentials of that identity can leverage the excess permissions to execute actions that should normally be restricted.


Impact

Execute actions that should be restricted to other groups or roles, such as reading or modifying resources that the compromised application, user or role has no business reason to touch.


Recommendation

Explicitly assign permissions to the appropriate groups and roles following the principle of least privilege: grant only the actions each identity actually needs, scope them to the specific resource ARNs, and avoid wildcard actions (service:*) and Resource "*" whenever the action supports resource-level permissions.
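The following is an added example, not part of the original advisory, showing how the recommendation can be checked mechanically. It audits an IAM policy document for the two patterns named above (wildcard actions and Resource "*") plus the NotAction shortcut, and contrasts a constructed over-privileged policy with its least-privilege equivalent. The bucket name, queue ARN and account ID are invented for illustration; the small set of actions that legitimately require Resource "*" is an assumption kept deliberately short.

```python
"""Heuristic least-privilege audit of an AWS IAM policy document.

Added example for this advisory. The two policy documents are constructed
samples; the rule set is a small heuristic, not a complete IAM analyser.
"""
import json

# Actions that do not support resource-level permissions and therefore must
# use Resource "*" (assumed/short list; extend as needed for your account).
RESOURCE_AGNOSTIC = {
    "s3:ListAllMyBuckets",
    "ec2:DescribeInstances",
    "sts:GetCallerIdentity",
}


def _as_list(value):
    """IAM allows Statement, Action and Resource to be a string or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy: dict) -> list:
    """Return one finding per over-privileged Allow statement.

    Rules:
      - Allow with Action "*" or "<service>:*"  (wildcard action)
      - Allow with Resource "*" on actions that can be scoped to an ARN
      - Allow that uses NotAction (grants every action not listed)
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen privileges
        sid = stmt.get("Sid", "Statement[%d]" % idx)
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))

        if "NotAction" in stmt:
            findings.append("%s: Allow with NotAction grants every action not listed" % sid)

        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append("%s: wildcard action %r" % (sid, action))

        # Resource "*" is acceptable only when every action is resource-agnostic.
        only_agnostic = bool(actions) and all(a in RESOURCE_AGNOSTIC for a in actions)
        if "*" in resources and not only_agnostic:
            findings.append("%s: Resource \"*\" on actions that support resource ARNs" % sid)
    return findings


# Constructed sample: the weak policy the advisory describes.
OVERPRIVILEGED = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppBucket", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Sid": "Queues", "Effect": "Allow",
         "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"], "Resource": "*"},
    ],
}

# Constructed sample: the same application needs, scoped to what it uses.
LEAST_PRIVILEGE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppBucket", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-app-bucket/*"},
        {"Sid": "Queues", "Effect": "Allow",
         "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
         "Resource": "arn:aws:sqs:us-east-1:123456789012:example-app-queue"},
    ],
}


def audit_json(document: str) -> list:
    """Convenience wrapper for a policy document fetched as a JSON string."""
    return audit_policy(json.loads(document))


if __name__ == "__main__":
    for name, pol in (("over-privileged", OVERPRIVILEGED), ("least-privilege", LEAST_PRIVILEGE)):
        print(name, "->", audit_policy(pol) or "no findings")
```

In practice the input is the JSON document returned by aws iam get-policy-version (or the inline policy attached to a role); the audit flags statements to review, and the corrected policy is the one with no findings, as the second sample shows.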


Threat

Authenticated attacker from the Internet with access to a misconfigured role.


Expected Remediation Time

30 minutes.


Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the affected system or source code.

Base 4.0

  • Attack vector: N
  • Attack complexity: H
  • Attack Requirements: N
  • Privileges required: L
  • User interaction: N
  • Confidentiality (VC): L
  • Integrity (VI): L
  • Availability (VA): L
  • Confidentiality (SC): N
  • Integrity (SI): N
  • Availability (SA): N

Threat 4.0

  • Exploit maturity: P

Requirements


Fixes


Last updated

2024/02/07