Lateral movement

Privileged User – Policy Version

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

An IAM User is an entity that you create in AWS; it represents the person or service that uses it to interact with AWS. The user {AwsUser} was found with permissive permissions that allow it to create or change a managed policy's version. Managed policies keep a list of previous versions of the permissions they grant. By creating a new version with additional permissions, or by reverting to an older, more permissive version, an attacker may be able to escalate their privileges and achieve account takeover.
Recommended Mitigation

Review the user's policy and consider removing any of the following actions: iam:CreatePolicyVersion, iam:SetDefaultPolicyVersion
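As an added illustration (not part of this rule's text or of any vendor tooling), the check below scans an IAM policy document for Allow statements that can grant either of the two actions named above, including grants hidden behind wildcards or NotAction. The two sample policy documents are constructed for the example.

```python
import fnmatch

# The two actions the finding names; granting either lets a principal
# change which permissions a managed policy actually confers.
POLICY_VERSION_ACTIONS = ("iam:CreatePolicyVersion", "iam:SetDefaultPolicyVersion")


def _as_list(value):
    """IAM allows Action/NotAction/Statement to be a string, a list or absent."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """IAM action matching is case-insensitive and supports '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def flag_policy_version_grants(policy_doc):
    """Return (Sid, action) pairs for every Allow statement able to grant a
    policy-version action. Deliberately conservative: Deny statements and
    Resource scoping are not evaluated, so a hit means "review this statement".
    NotAction statements grant everything they do not exclude."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy_doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "Action" not in stmt and "NotAction" not in stmt:
            continue  # malformed statement; IAM would reject it
        sid = stmt.get("Sid", f"Statement[{idx}]")
        for action in POLICY_VERSION_ACTIONS:
            if "Action" in stmt:
                granted = any(_matches(p, action) for p in _as_list(stmt["Action"]))
            else:
                granted = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
            if granted:
                findings.append((sid, action))
    return findings


# Constructed sample documents (not taken from the page or from any real account).
SAFE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadOnly", "Effect": "Allow", "Action": ["iam:Get*", "iam:List*"], "Resource": "*"}]}
RISKY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Wildcard", "Effect": "Allow", "Action": "iam:*PolicyVersion", "Resource": "*"},
    {"Sid": "Except", "Effect": "Allow", "NotAction": "iam:CreatePolicyVersion", "Resource": "*"}]}

if __name__ == "__main__":
    for name, doc in (("safe", SAFE_POLICY), ("risky", RISKY_POLICY)):
        print(name, flag_policy_version_grants(doc))
```

In a real review the documents would come from iam:GetPolicyVersion for each policy attached to {AwsUser}; note that a statement such as the NotAction one above grants iam:SetDefaultPolicyVersion even though neither action name appears in it.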