Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft

Cybersecurity researchers have identified a critical vulnerability in Amazon Elastic Container Service (ECS) that could allow attackers to escalate privileges, move laterally within cloud environments, and access sensitive data. This flaw, dubbed ECScape, was presented by Naor Haziz of Sweet Security at the Black Hat USA security conference in Las Vegas.

Amazon ECS is a fully managed container orchestration service for deploying, managing, and scaling containerized applications on Amazon Web Services (AWS). The ECScape vulnerability allows a low-privileged task running on an ECS container instance to hijack the Identity and Access Management (IAM) privileges of a higher-privileged container on the same EC2 machine by stealing that container's task role credentials.

The exploitation process involves several steps:

1. Obtain Host’s IAM Role Credentials: The attacker acquires the EC2 instance’s IAM role credentials to impersonate the ECS agent.

2. Discover ECS Control Plane Endpoint: The attacker identifies the endpoint that the ECS agent communicates with.

3. Gather Necessary Identifiers: Using the Task Metadata endpoint and ECS introspection API, the attacker collects essential identifiers such as cluster name/ARN, container instance ARN, agent version information, Docker version, ACS protocol version, and sequence number.

4. Forge and Sign ACS WebSocket Request: The attacker crafts a WebSocket request impersonating the agent, setting the `sendCredentials` parameter to true.

5. Harvest Credentials: The attacker retrieves credentials for all running tasks on the instance.

This method exploits an undocumented ECS internal protocol, allowing a malicious container with a low-privileged IAM role to obtain the permissions of a higher-privileged container running on the same host. By impersonating the agent’s upstream connection, ECScape undermines the trust model, enabling one compromised container to collect every other task’s IAM role credentials on the same EC2 instance and act with those privileges.

The implications of ECScape are significant, especially when running ECS tasks on shared EC2 hosts. It opens the door to cross-task privilege escalation, secrets exposure, and metadata exfiltration. Following responsible disclosure, Amazon has emphasized the need for customers to adopt stronger isolation models where applicable. The company has updated its documentation to clarify that there is no task isolation in EC2 and that containers can potentially access credentials for other tasks on the same container instance.

To mitigate the risks associated with ECScape, it is advised to avoid deploying high-privilege tasks alongside untrusted or low-privilege tasks on the same EC2 instance. Implementing strict isolation measures and regularly reviewing IAM roles and permissions can help prevent unauthorized access and potential exploitation.
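One way to check for the co-location the mitigation warns about, as an added example that is not from the article, Sweet Security, or AWS: the audit groups EC2-launch-type tasks by container instance and flags every host where a task holding an operator-designated high-privilege role runs next to a task holding a different role, or none at all. The task records and ARNs are constructed sample data, HIGH_PRIVILEGE_ROLES is an assumption the operator fills in, and load_tasks_from_aws is a hypothetical helper that builds the same records from a live account with boto3.

```python
from collections import defaultdict

# Constructed sample input (made-up ARNs): one record per task, in the shape the
# loader below builds from DescribeTasks plus the task definition's taskRoleArn.
ACCT = "111111111111"
CI = f"arn:aws:ecs:us-east-1:{ACCT}:container-instance/prod/"
ROLE = f"arn:aws:iam::{ACCT}:role/"
SAMPLE_TASKS = [
    {"taskArn": "t1", "containerInstanceArn": CI + "ci-01", "launchType": "EC2", "taskRoleArn": ROLE + "payments-admin"},
    {"taskArn": "t2", "containerInstanceArn": CI + "ci-01", "launchType": "EC2", "taskRoleArn": ROLE + "web-frontend"},
    {"taskArn": "t3", "containerInstanceArn": CI + "ci-02", "launchType": "EC2", "taskRoleArn": ROLE + "payments-admin"},
    {"taskArn": "t4", "containerInstanceArn": CI + "ci-02", "launchType": "EC2"},  # no task role at all
    {"taskArn": "t5", "containerInstanceArn": CI + "ci-03", "launchType": "EC2", "taskRoleArn": ROLE + "web-frontend"},
    {"taskArn": "t6", "launchType": "FARGATE", "taskRoleArn": ROLE + "payments-admin"},
]
# Assumption: the operator lists the task roles it treats as high-privilege.
HIGH_PRIVILEGE_ROLES = {ROLE + "payments-admin"}


def audit_colocation(tasks, high_privilege_roles):
    """Return {containerInstanceArn: (high_roles, other_roles)} for each EC2 container
    instance hosting a high-privilege task beside a task with any other role or none."""
    roles_by_instance = defaultdict(set)
    for task in tasks:
        instance = task.get("containerInstanceArn")
        if task.get("launchType") != "EC2" or not instance:
            continue  # Fargate tasks carry no containerInstanceArn and are out of scope here
        roles_by_instance[instance].add(task.get("taskRoleArn") or "<no task role>")
    findings = {}
    for instance, roles in roles_by_instance.items():
        high = roles & high_privilege_roles
        other = roles - high_privilege_roles
        if high and other:  # shared host, mixed privilege: the ECScape precondition
            findings[instance] = (high, other)
    return findings


def load_tasks_from_aws(cluster, region):
    """Hypothetical helper: build the same records from a live account (network required)."""
    import boto3  # imported here so the offline sample above runs without boto3
    ecs = boto3.client("ecs", region_name=region)
    arns = [a for page in ecs.get_paginator("list_tasks").paginate(cluster=cluster)
            for a in page["taskArns"]]
    records = []
    for i in range(0, len(arns), 100):  # DescribeTasks accepts at most 100 ARNs per call
        for t in ecs.describe_tasks(cluster=cluster, tasks=arns[i:i + 100])["tasks"]:
            td = ecs.describe_task_definition(taskDefinition=t["taskDefinitionArn"])
            records.append({"taskArn": t["taskArn"], "launchType": t.get("launchType"),
                            "containerInstanceArn": t.get("containerInstanceArn"),
                            "taskRoleArn": td["taskDefinition"].get("taskRoleArn")})
    return records
```

Running `audit_colocation(SAMPLE_TASKS, HIGH_PRIVILEGE_ROLES)` on the sample flags ci-01 (admin beside web-frontend) and ci-02 (admin beside a task with no role), while ci-03 and the Fargate task are clean.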