Aws Amazon Aws

Do you want an email whenever new security vulnerabilities are reported in Amazon Aws?

Recent Amazon Aws Security Advisories

Advisory Title Published
2022-04-19 Reported Apache Log4j Hotpatch Issues April 19, 2022
2022-04-12 Reported AWS Desktop VPN Client for Windows Issue April 12, 2022
2022-04-11 Reported Amazon RDS PostgreSQL issue April 11, 2022
2022-03-18 CVE-2022-0778 awareness March 18, 2022
2022-01-13 Reported AWS Glue Issue January 13, 2022
2022-01-13 Reported AWS CloudFormation Issue January 13, 2022
2021-12-23 AWSSupportServiceRolePolicy Informational Update December 23, 2021
2021-12-17 Update for Apache Log4j2 Issue (CVE-2021-44228) December 17, 2021
2021-12-16 Update for Apache Log4j2 Issue (CVE-2021-44228) December 16, 2021
2021-12-15 Update for Apache Log4j2 Issue (CVE-2021-44228) December 15, 2021

By the Year

In 2022 there have been 6 vulnerabilities in Amazon Aws with an average score of 7.9 out of ten. Last year Aws had 4 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year. Last year, the average CVE base score was greater by 0.96

Year Vulnerabilities Average Score
2022 6 7.87
2021 4 8.83
2020 3 7.10
2019 0 0.00
2018 0 0.00

It may take a day or so for new Aws vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Amazon Aws Security Vulnerabilities

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didnt mimic the permissions of the JVM being patched

CVE-2021-3100 8.8 - High - April 19, 2022

The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didnt mimic the permissions of the JVM being patched, allowing it to escalate privileges.

Improper Privilege Management

Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process

CVE-2021-3101 8.8 - High - April 19, 2022

Hotdog, prior to v1.0.1, did not mimic the capabilities or the SELinux label of the target JVM process. This would allow a container to gain full privileges on the host, bypassing restrictions set on the container.

Improper Privilege Management

Incomplete fix for CVE-2021-3100

CVE-2022-0070 8.8 - High - April 19, 2022

Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.

Improper Privilege Management

Incomplete fix for CVE-2021-3101

CVE-2022-0071 8.8 - High - April 19, 2022

Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make syscalls that would otherwise be blocked.

Improper Privilege Management

An issue was discovered in Amazon AWS VPN Client 2.0.0

CVE-2022-25165 7 - High - April 14, 2022

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service (running as SYSTEM) processing the file. Dangerous arguments can be injected by a low-level user such as log, which allows an arbitrary destination to be specified for writing log files. This leads to an arbitrary file write as SYSTEM with partial control over the files content. This can be abused to cause an elevation of privilege or denial of service.

TOCTTOU

An issue was discovered in Amazon AWS VPN Client 2.0.0

CVE-2022-25166 5 - Medium - April 14, 2022

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user's Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file.

Information Disclosure

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations

CVE-2021-45046 9 - Critical - December 14, 2021

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Marshaling, Unmarshaling

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2

CVE-2021-44228 10 - Critical - December 10, 2021

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Marshaling, Unmarshaling

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal

CVE-2021-30465 8.5 - High - May 27, 2021

runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

Directory traversal

Sudo before 1.9.5p2 contains an off-by-one error

CVE-2021-3156 7.8 - High - January 26, 2021

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

off-by-five

An issue was discovered in Xen through 4.14.x

CVE-2020-25604 4.7 - Medium - September 23, 2020

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.

Race Condition

An issue was discovered in Xen through 4.14.x

CVE-2020-25595 7.8 - High - September 23, 2020

An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.

Improper Privilege Management

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which

CVE-2020-8558 8.8 - High - July 27, 2020

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.

authentification

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Amazon Aws or by Amazon? Click the Watch button to subscribe.

Amazon
Vendor

Amazon Aws
Product

subscribe