Lateral movement

Privileged Group – Policy Version

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

An IAM Group is a collection of IAM Users. You can use groups to specify permissions for a collection of users. The group {AwsIamGroup} was found with permissive permissions that allow for the ability to create or change a managed policy's version. Managed policies often hold a list of previous versions of the permissions they grant. By creating a new versions with additional permissions, or reverting to an old more permissive version, an attacker may be able to escalate their privileges and achieve account takeover.

  • Recommended Mitigation

    Review the group's policy and consider removing any of the following actions: iam:CreatePolicyVersion, iam:SetDefaultPolicyVersion

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.