Beware the 'Secret Agent' Cloud Middleware

New open source database details the software that cloud service providers typically silently install on enterprises' virtual machines — often unbeknownst to customers.

Image depicting a cloud security with a lock amid a sea of city buildings
Source: Itsanan Sampuntarat via Alamy Stock Photo

RSA CONFERENCE 2022 – If cloud services weren't complicated enough for the typical business today to properly configure and secure, there's also a lesser-known layer of middleware that cloud providers run that can harbor hidden security flaws.

Researchers from last week at RSA Conference in San Francisco unveiled an open source, cloud middleware database on GitHub that details the specific middleware agents that Amazon Web Services (AWS), Google, and Microsoft install on their cloud customers' virtual machines. The goal is to shine a light on this traditionally hidden proprietary software layer and its potential software flaws that can leave a cloud customer unknowingly at risk of attack.

Cloud providers often silently install these "secret agent" middleware programs on their customers' virtual machines, and with the highest privileges, as a "bridge" between their cloud services and their customers' VMs. The Cloud Middleware Dataset database project aims to provide cloud customers insight into this layer of software they rarely know exists on their virtual machines in a cloud service — and the potential security risks associated with it.

"These agents are adding an additional attack surface and cloud customers don't know about those agents ...; most are installed silently. If they come pre-installed, they have no idea" either, Shir Tamari, head of research at, told Dark Reading in an interview at the RSA Conference last week.

The most high-profile example of cloud middleware gone wrong was the discovery of major flaws in Microsoft Azure's Open Management Infrastructure (OMI) agent software last fall. Tamari and his fellow researchers unearthed major remote execution and privilege escalation vulns in Azure, with a collection of flaws they dubbed OMIGOD. OMI runs on many Linux VMs in Azure to provide configuration management functions for cloud customers.

Of the four OMIGOD vulnerabilities (CVE-2021-38647, CVE-2021-38648, CVE-2021-38645, and CVE-2021-38649), the most painful one was CVE-2021-38647, which could allow an attacker to gain root on a VM with a single packet, merely by stripping the authentication header. The problem: A default configuration for OMI was exposed the HTTPS management port on the public Internet. Microsoft provided auto-updates for Azure to address the flaws, after initially releasing patches that most Azure customers had no idea applied to them since they weren't aware of OMI.

"There was confusion over how to handle this middleware" patching, Tamari said.

The Cloud Middleware Dataset so far includes several agents used in Azure in addition to OMI, such as Microsoft Azure Guest Agent (WALinuxAgent), which is preconfigured in all Azure Linux images and has root privileges. WALinuxAgent's listing in the database notes that the agent previously contained an information disclosure vulnerability, CVE-2019-0804. If exploited, it could allow an attacker to access memory in the kernel from a user process.

Other Azure middleware detailed in the database are Operations Management Suite, dependency agent, pipelines agent, and RD Agent service, each of which is employed in various Azure services.

AWS, meanwhile, has four such middleware agents listed in the dataset, AWS Systems Manager Agent (SSM Agent), AWS PV Drivers, AWS ECS container agent, and AWS EC2 Hibernation Initialization Agent. A local privilege escalation flaw CVE-2022-29527 was found this year in SSM Agent that an attacker could use to gain root access. That agent comes preconfigured in Windows, Linux, and macOS VM images.

Google Cloud runs Accounts Daemon, OSConfig agent, and a guest agent in its cloud services, all of which are Linux-based. OSConfig and guest also run on Windows. Accounts Daemon, which works in Google's OS Login service, previously was patched for a local privilege escalation flaw, CVE-2020-8933, that would have given root access. OSConfig, which is built into GCP VM images, also had a local privilege escalation vuln in 2020 that Google later fixed.

What to Ask About Cloud Middleware

So, how can organizations pinpoint these "secret agents," as Wiz researchers refer to them?

In an interview with Dark Reading at RSAC, Wiz co-founder and CTO Ami Luttwak said organizations should ask questions of cloud providers to get a clear view of what their software environment looks like: "Whose middleware is it [and] how do you know if it's running on your environment" and does the software contain vulnerabilities, and how are updates and patches handled?

"This is a different attack surface. It's a gray area," he said. "It needs transparency and a clear process for updates for agents, VMs."

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights