CCC.IAM.TH08: Privilege Escalation via Indirect Role Usage
Threat ID: CCC.IAM.TH08
Title: Privilege Escalation via Indirect Role Usage
Description:
An identity principal possesses specific, highly privileged permissions, such as the ability to pass roles or impersonate service accounts, that allow it to leverage the permissions of a different, more privileged role. Even without being able to directly assume the target role, the principal can attach it to a new resource they control and then use that resource to perform unauthorized actions.
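One way to audit for the condition in the Description, as an added example that is not part of the catalog entry. It assumes AWS-style identity policies, where `iam:PassRole` is the pass-role permission; `ROLE_CARRIERS`, the principals and the account ID are constructed. Only identity-policy Allow statements and unconditional Deny statements are evaluated.

```python
import fnmatch

# Assumption: AWS-style identity policies; the page itself names no provider.
# Illustrative subset of actions that create a resource able to carry a passed role.
ROLE_CARRIERS = ("ec2:RunInstances", "lambda:CreateFunction", "ecs:RunTask")

def _any_match(value, patterns, fold=False):
    patterns = patterns if isinstance(patterns, list) else [patterns]
    norm = str.lower if fold else str  # action names are case-insensitive, ARNs are not
    return any(fnmatch.fnmatchcase(norm(value), norm(p)) for p in patterns)

def _matching(statements, effect, action, resource=None):
    """Statements with the given Effect whose Action (and Resource, if given) match."""
    return [st for st in statements
            if st.get("Effect") == effect
            and _any_match(action, st.get("Action", []), fold=True)
            and (resource is None or _any_match(resource, st.get("Resource", [])))]

def find_indirect_escalation(policies, privileged_roles):
    """Flag principals that can pass a privileged role and also create a carrier."""
    findings = []
    for principal, statements in policies.items():
        carriers = [c for c in ROLE_CARRIERS if _matching(statements, "Allow", c)]
        for role in privileged_roles:
            allows = _matching(statements, "Allow", "iam:PassRole", role)
            denied = any("Condition" not in d for d in
                         _matching(statements, "Deny", "iam:PassRole", role))
            if allows and carriers and not denied:
                # A PassedToService condition narrows, but does not remove, the path.
                scoped = all("iam:PassedToService" in str(s.get("Condition", ""))
                             for s in allows)
                findings.append((principal, role, carriers, scoped))
    return findings

# Constructed sample data (not from any real account).
ADMIN = "arn:aws:iam::111122223333:role/admin"
SAMPLE = {
    "ci-deployer": [{"Effect": "Allow", "Action": ["iam:PassRole", "lambda:*"], "Resource": "*"}],
    "dev-alice": [
        {"Effect": "Allow", "Action": "ec2:RunInstances", "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:PassRole",
         "Resource": "arn:aws:iam::111122223333:role/app-*"}],
    "auditor": [{"Effect": "Allow", "Action": "iam:Get*", "Resource": "*"}],
}

if __name__ == "__main__":
    print(find_indirect_escalation(SAMPLE, [ADMIN]))
```

Each finding is a tuple of principal, passable privileged role, matching carrier actions, and whether every allowing statement is scoped by `iam:PassedToService`. Scoping the `Resource` of the pass-role grant to specific role ARNs, as `dev-alice` does, is what removes a finding.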
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.IAM.CP02 | IAM Users | Ability to create, manage, list and delete IAM users. An IAM user represents a single person or application. |
| CCC.IAM.CP06 | IAM Roles / Service Principals | Ability to create, manage, list and delete IAM roles. An IAM role is an identity for applications or services to access resources. |
| CCC.IAM.CP15 | Role Assumption / Delegation | Ability to temporarily assume another role or delegate access. Commonly used for user impersonation or temporary privilege elevation. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| MITRE-ATT&CK | T1548.006 | 0 | Abuse Elevation Control Mechanism: Temporary Elevated Cloud Access |