Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution.
The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges, and likely escalate privileges or perform malicious activities by writing files to sensitive areas of the system, Cymulate said in a report shared with The Hacker News.
Amazon SSM Agent is a component of Amazon Web Services (AWS) that enables administrators to remotely manage, configure, and execute commands on EC2 instances and on-premises servers.
The software processes commands and tasks defined in SSM Documents, which can include one or more plugins, each of which is responsible for carrying out specific tasks, such as running shell scripts or automating deployment or configuration-related activities.
What’s more, the SSM Agent dynamically creates directories and files based on the plugin specifications, typically relying on plugin IDs as part of the directory structure. This also introduces a security risk in that improper validation of these plugin IDs can lead to potential vulnerabilities.
The discovery by Cymulate is a path traversal flaw arising as a result of improper validation of plugin IDs, which could allow attackers to manipulate the filesystem and execute arbitrary code with elevated privileges. The issue is rooted in a function named “ValidatePluginId” within pluginutil.go.
“This function fails to properly sanitize input, allowing attackers to supply malicious plugin IDs containing path traversal sequences (e.g., ../),” security researcher Elad Beber said.
As a result of this flaw, an attacker could essentially furnish a specially crafted plugin ID when creating an SSM document (e.g., ../../../../../../malicious_directory) to execute arbitrary commands or scripts on the underlying file system, paving the way for privilege escalation and other post-exploitation actions.
Following responsible disclosure on February 12, 2025, the vulnerability was addressed on March 5, 2025, with the release of Amazon SSM Agent version 3.3.1957.0.
“Add and use BuildSafePath method to prevent path traversal in the orchestration directory,” according to release notes shared by the project maintainers on GitHub.
