Security News > 2021 > June > Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine
An unpatched security vulnerability affecting Google's Compute Engine platform could be abused by an attacker to take over virtual machines over the network.
"This is done by impersonating the metadata server from the targeted virtual machine's point of view," security researcher Imre Rad said in an analysis published Friday.
Google Compute Engine is an infrastructure-as-a-service component of Google Cloud Platform that enables users to create and launch virtual machines on demand.
GCE provides a method for storing and retrieving metadata in the form of the metadata server, which offers a central point to set metadata in the form of key-value pairs that's then provided to virtual machines at runtime.
According to the researcher, the issue is a consequence of weak pseudo-random numbers used by the ISC DHCP client, resulting in a scenario wherein an adversary crafts multiple DHCP packets using a set of precalculated transaction identifiers and floods the victim's DHCP client, ultimately leading to the impersonation of the metadata server.
In a potential real-world scenario, the aforementioned attack chain can be abused by an adversary to gain full access to a targeted virtual machine as it's being rebooted or over the internet in cases when the cloud platform's firewall is turned off.