Description

IAM Instance Profiles are used to attach IAM Roles to EC2 Instances in order to grant them permissions to different AWS APIs. The instance profile {AwsIamInstanceProfile}, which is connected to {AwsIamInstanceProfile.Ec2Instances|count} instances, was found to have a role with permissive permissions that allow for the ability to create or change a managed policy's version. Managed policies often hold a list of previous versions of the permissions they grant. By creating a new versions with additional permissions, or reverting to an old more permissive version, an attacker may be able to escalate their privileges and achieve account takeover.