Non-encrypted confidential information - EFS
Description
The AWS Elastic File System (EFS) service is encrypted with a default KMS key. Best practices recommend encrypting EFS instances using Customer Managed Keys (CMKs) to reduce risk of exposure and give full control of encrypted information.
Impact
Obtain confidential information from file system
Recommendation
Enable the EFS encryption using a KMS Customer Managed Key (CMK)
Threat
Anonymous attacker with local access to one or more EFS instances
Expected Remediation Time
⏱️ 20 minutes.
Fixes
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
H
Attack requirements
N
Privileges required
N
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P