VDB

GCVE-110-CLOUD-2024-0022

GCVE-110-CLOUD-2024-0022
Advisory Published
Vulnetix · Advisory published August 15, 2024
A BGP-based feature of the AWS Direct Connect service allowed a third party to inject an incorrect route for an external IP, effectively hijacking AWS-sourced traffic. This resulted in connectivity issues between AWS EC2 instances and external systems. The issue was caused by a typo in a Direct Connect customer's configuration, which advertised an incorrect prefix to AWS.

Affected Products

VendorProductVersionsPlatforms
AWSConnect
AWSCloud Services
AWSDirect Connect
AWSEC2, Direct Connect
AWSConfig
AWSEC2

References

advisory

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›