| ID | Title | Description |
|---|---|---|
| CCC.VM.TH01 | Images Contain Vulnerabilities | Virtual machine images may include outdated software, insecure configurations, or secrets. Use of such images can introduce vulnerabilities into environments where they are deployed. |
| CCC.VM.TH02 | Instance Metadata is Unprotected | Instance metadata services may be reachable from within virtual machines without appropriate access controls, for example without requiring a session token or hop limit. Any process on the instance, or an attacker who can coerce the instance into making requests (such as through a server-side request forgery flaw in a hosted application), can then retrieve sensitive configuration details or the temporary credentials attached to the instance role. |
| CCC.VM.TH03 | Bootstrap Scripts Introduce Unintended Behavior | Bootstrap scripts executed at startup may include unvalidated commands, unreviewed downloads, or configuration changes. If they are not securely managed (sourced from a trusted location, reviewed, and integrity-checked before execution), these scripts can modify instance behavior in unexpected or insecure ways. |
| CCC.VM.TH04 | Instance Templates Propagate Insecure Defaults | Instance templates may contain hardcoded credentials, open ports, or insecure configurations. When reused across deployments, these templates can replicate vulnerabilities at scale. |
| CCC.VM.TH05 | Network Access Rules Allow Unintended Communication | Inadequately scoped network access rules may permit communication between virtual machines and untrusted networks or services, increasing exposure to unauthorized access and lateral movement. |
| CCC.VM.TH06 | Remote Access Interfaces Are Insufficiently Restricted | Virtual machine instances may expose remote access methods such as SSH or RDP without proper access controls or network restrictions, allowing unintended access to administrative interfaces. |
| CCC.VM.TH07 | Resource Starvation Through Preemptible (spot) VM Termination | Workloads running on preemptible (spot) instances may be terminated by the cloud provider with minimal notice. If critical processes are scheduled only on such VMs, their termination can degrade or deny service, reducing system reliability and availability. |
| CCC.VM.TH08 | Co-Residency Risk on Non-Dedicated Infrastructure | Virtual machines operating on shared infrastructure, rather than on dedicated hosts or instances, are exposed to a greater risk of side-channel and cross-VM attacks from co-resident tenants. Successful attacks can leak data or scrape memory, compromising data confidentiality and system integrity. |
| CCC.VM.TH09 | Misconfigured Vertical Scaling Leads to Privilege Escalation | Overly broad permissions or flawed automation logic in vertical scaling processes may allow an unauthorized party to resize instances, for example by adding CPUs or memory. This can yield computational capacity for unintended actions, elevate the effective rights of the automation identity, or cause unplanned cost increases, affecting system security and operational control. |
| CCC.VM.TH10 | Auto-Scaling Abuse for Resource Exhaustion | Automated horizontal scaling mechanisms may be manipulated through forced load generation, such as distributed denial-of-service events, triggering excessive VM creation. This can lead to billing anomalies, service instability, or exhaustion of resource quotas that blocks legitimate scaling, impacting cost management and service availability. |
| CCC.VM.TH11 | VM Image Tampering or Poisoning | Virtual machine images may be created or modified to include backdoors, malware, or misconfigurations. The deployment of compromised images can propagate threats across cloud infrastructure, potentially affecting data integrity, confidentiality, and system reliability. |
| CCC.VM.TH12 | Instance Snapshots Expose Sensitive Data | Instance snapshots may be created or shared with insufficient access restrictions or retention controls. This can result in unauthorized access to snapshot data containing workloads, credentials, or configuration state, potentially impacting data confidentiality and system integrity. |
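Several of the threats in this table (TH02, TH06, TH07, TH12) can be detected from the configuration a provider's API already returns for an instance, its security groups, and its snapshots. The following is an added example of such an audit, not code from the CCC project. It runs offline over constructed records whose field names follow the shape of AWS EC2 `describe_instances`, `describe_security_groups`, and `describe_snapshot_attribute` responses (an assumption; other providers expose equivalent settings under different names). The instance and snapshot identifiers are made up.

```python
"""Offline audit of VM records against CCC.VM.TH02, TH06, TH07 and TH12.

Record layouts mimic AWS EC2 describe_* responses (assumption); no API calls are made.
"""
import ipaddress

# Administrative ports whose exposure to the whole internet maps to TH06.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample data (not from any real account).
INSTANCES = [
    {"InstanceId": "i-0aaa", "InstanceLifecycle": "spot",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"},
     "SecurityGroups": [{"GroupId": "sg-open"}]},
    {"InstanceId": "i-0bbb",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"},
     "SecurityGroups": [{"GroupId": "sg-tight"}]},
]
SECURITY_GROUPS = {
    "sg-open": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
    "sg-tight": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}
SNAPSHOTS = [
    {"SnapshotId": "snap-pub", "CreateVolumePermissions": [{"Group": "all"}]},
    {"SnapshotId": "snap-priv", "CreateVolumePermissions": []},
]


def rule_exposes_port(rule, port):
    """True if an ingress rule admits `port` from an unrestricted source range.

    IpProtocol "-1" means all protocols and ports; otherwise only TCP port ranges
    are considered. A source is unrestricted when its prefix length is 0
    (0.0.0.0/0 or ::/0).
    """
    proto = rule.get("IpProtocol")
    if proto == "-1":
        covers_port = True
    elif proto == "tcp":
        covers_port = rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)
    else:
        return False
    if not covers_port:
        return False
    for src in rule.get("IpRanges", []) + rule.get("Ipv6Ranges", []):
        cidr = src.get("CidrIp") or src.get("CidrIpv6")
        if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            return True
    return False


def audit_instance(inst, groups):
    """Return a list of finding strings for one instance record."""
    findings = []
    mo = inst.get("MetadataOptions", {})
    # TH02: metadata endpoint reachable without a session token (IMDSv1 allowed).
    if mo.get("HttpEndpoint") == "enabled" and mo.get("HttpTokens") != "required":
        findings.append("CCC.VM.TH02: metadata service allows token-less (v1) requests")
    # TH06: SSH/RDP reachable from the entire internet through an attached group.
    for sg in inst.get("SecurityGroups", []):
        for rule in groups.get(sg["GroupId"], []):
            for port, name in ADMIN_PORTS.items():
                if rule_exposes_port(rule, port):
                    findings.append(
                        f"CCC.VM.TH06: {name} ({port}) open to the internet via {sg['GroupId']}")
    # TH07: informational; the workload owner must confirm nothing critical runs only here.
    if inst.get("InstanceLifecycle") == "spot":
        findings.append("CCC.VM.TH07: preemptible instance; verify no critical single process")
    return findings


def audit_snapshot(snap):
    """TH12: a snapshot shared with the 'all' group can be copied by any account."""
    if any(p.get("Group") == "all" for p in snap.get("CreateVolumePermissions", [])):
        return ["CCC.VM.TH12: snapshot is publicly shared"]
    return []


def run_audit(instances, groups, snapshots):
    """Map each resource id to its findings, omitting clean resources."""
    report = {}
    for inst in instances:
        if (f := audit_instance(inst, groups)):
            report[inst["InstanceId"]] = f
    for snap in snapshots:
        if (f := audit_snapshot(snap)):
            report[snap["SnapshotId"]] = f
    return report


if __name__ == "__main__":
    for resource, findings in run_audit(INSTANCES, SECURITY_GROUPS, SNAPSHOTS).items():
        for line in findings:
            print(f"{resource}: {line}")
```

The port check deliberately treats `IpProtocol "-1"` as covering every port, since an "allow all" rule scoped to a public range exposes SSH and RDP just as surely as a rule naming them. Against a real account the constructed lists would be replaced by the paginated API responses, and the threshold for an "unrestricted" source could be tightened from prefix length 0 to any range outside an approved administrative allow-list.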
Compute / Virtual Machines
Threats