Attack Chain

1. An attacker gains access to an AWS account with permissions to register ECS task definitions or write to Secrets Manager or SSM Parameter Store.
2. The attacker crafts a malicious ECS task definition. This definition includes an FSx Windows File Server volume configuration with a specially crafted username field containing a command injection payload.
3. The attacker registers the crafted task definition with the ECS service using ecs:RegisterTaskDefinition.
4. When ECS attempts to mount the FSx volume, it retrieves the credentials from Secrets Manager or SSM Parameter Store.
5. Due to improper input validation, the command injection payload within the username field is executed by the Amazon ECS Agent for Windows.
6. The malicious command is executed with SYSTEM privileges on the underlying host.
7. The attacker leverages the SYSTEM privileges to install malware, exfiltrate data, or perform other malicious activities.

Impact

Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary commands with SYSTEM privileges on the affected ECS Windows worker instance. This could lead to complete system compromise, including data theft, malware installation, and denial of service. The scope of impact is limited to ECS Windows worker instances running vulnerable versions (1.47.0 through 1.102.2). ECS on Fargate is not affected.

Recommendation

• Upgrade to ECS agent version 1.103.0 or later on all ECS Windows worker instances to remediate the vulnerability.
• Restrict ecs:RegisterTaskDefinition permissions to trusted IAM principals only to limit the ability to register malicious task definitions.
• Restrict write access to Secrets Manager secrets and SSM Parameter Store parameters referenced in FSx volume configurations.