Remote Code Execution Vulnerability in Aviatrix Controller by Aviatrix
CVE-2024-50603
Key Information:
- Vendor: Aviatrix
- Status: Vendor
- CVE Published: 8 January 2025
What is CVE-2024-50603?
CVE-2024-50603 is a remote code execution vulnerability found in the Aviatrix Controller, a management platform for multi-cloud networking solutions. This vulnerability arises from insufficient handling of special elements within operating system commands, enabling unauthenticated attackers to execute arbitrary code on affected systems. If exploited, this can lead to severe consequences for organizations, including unauthorized access to sensitive data and disruption of networking services, which are critical for maintaining operational continuity.
Technical Details
This vulnerability affects versions of the Aviatrix Controller prior to 7.1.4191 and 7.2.x versions before 7.2.4996. The issue stems from the improper neutralization of command-line metacharacters in user input sent to specific API endpoints (/v1/api), allowing an attacker to manipulate the commands the backend executes. Because the input is not validated before it reaches an operating system command, an unauthenticated remote attacker can execute code on the controller, posing substantial risks to the integrity and security of the affected systems.
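The weakness described above is classic OS command injection: a request parameter is spliced into a shell command line, so shell metacharacters in the parameter change what gets executed. The following Python is an added illustration and is not Aviatrix's code; the parameter name (`target`), the tool path, and the access-log lines are all constructed assumptions, since the page does not describe the real endpoint's parameters. It shows the vulnerable string-building pattern next to a hardened handler (allowlist validation plus argv-style invocation with no shell) and a small detector that flags requests to `/v1/api` whose decoded query values contain shell metacharacters.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qs, urlsplit

# Allowlist for a single parameter value. The real parameter formats of the
# Aviatrix /v1/api endpoint are not described on the page; this is an assumption.
SAFE_VALUE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")

# Characters a POSIX shell treats specially (the CWE-78 metacharacter set,
# whitespace excluded to keep the detector below low-noise).
SHELL_METACHARS = frozenset(";|&$`<>(){}\n\r\"'\\*?!~")

# Hypothetical backend tool path used only for illustration.
TOOL = "/usr/local/bin/example-tool"


def has_shell_metachars(value: str) -> bool:
    """True if any character in value would be interpreted by a shell."""
    return any(ch in SHELL_METACHARS for ch in value)


def validate_value(value: str) -> str:
    """Allowlist check: accept only a bounded token of safe characters."""
    if not SAFE_VALUE.fullmatch(value):
        raise ValueError(f"rejected parameter value: {value!r}")
    return value


def build_command_unsafe(value: str) -> str:
    """The vulnerable pattern: untrusted input spliced into a shell command line.
    If this string is handed to a shell, metacharacters in value are interpreted."""
    return f"{TOOL} --target {value}"


def build_command_safe(value: str) -> list[str]:
    """Hardened pattern: validate, then pass the value as a single argv element.
    An argv list run without a shell is never re-parsed for metacharacters."""
    return [TOOL, "--target", validate_value(value)]


def handle_request(params: dict) -> tuple[int, object]:
    """Minimal API handler: returns (HTTP status, argv or error message)."""
    value = params.get("target", "")
    try:
        return 200, build_command_safe(value)
    except ValueError as exc:
        return 400, str(exc)


# Constructed sample access-log lines (not real Aviatrix logs). The second
# carries a URL-encoded ';' in the target parameter.
LOG_LINES = [
    '10.0.0.5 - - [08/Jan/2025:10:00:01 +0000] "GET /v1/api?action=list&target=vpc-01 HTTP/1.1" 200',
    '203.0.113.9 - - [08/Jan/2025:10:00:02 +0000] "GET /v1/api?action=list&target=vpc-01%3Bid HTTP/1.1" 200',
]


def suspicious_requests(lines: list[str]) -> list[tuple[str, str]]:
    """Detection helper: flag (param, decoded value) pairs sent to /v1/api that
    contain shell metacharacters after URL decoding."""
    hits = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP', line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.startswith("/v1/api"):
            continue
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            for v in values:
                if has_shell_metachars(v):
                    hits.append((name, v))
    return hits


if __name__ == "__main__":
    print("unsafe string :", build_command_unsafe("vpc-01;id"))
    print("safe request  :", handle_request({"target": "vpc-01"}))
    print("rejected      :", handle_request({"target": "vpc-01;id"}))
    print("log hits      :", suspicious_requests(LOG_LINES))
```

The allowlist is the primary control; the argv-style invocation is defence in depth, so that even a value that slips past validation arrives at the tool as one literal argument rather than being re-parsed by a shell. The detector decodes the query before checking, because an encoded `%3B` is just as effective as a literal `;` once the backend decodes it.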
Potential Impact of CVE-2024-50603
- Unauthorized System Access: Exploiting this vulnerability can grant attackers the ability to execute arbitrary commands on the Aviatrix Controller, leading to unauthorized control over the system and its resources.
- Data Breach Risks: With potential access to sensitive cloud networking configurations and data, attackers might exfiltrate confidential information, compromising organizational data integrity and privacy.
- Operational Disruption: The capability to execute malicious code can be leveraged to disrupt networking operations, leading to service downtime and affecting the organization's ability to provide uninterrupted services, which can have cascading effects on business operations.
Affected Version(s)
Controller 0 < 7.1.4191
Controller 7.2.0 < 7.2.4996
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
Critical 10.0 Aviatrix Controller flaw exploited in the wild
Aviatrix Controllers are prime targets because they have high-level privileges in cloud environments.
12 hours ago
Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments
Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.
21 hours ago
Crooks are popping clouds using severe Aviatrix bug
"Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say. CVE-2024-50603 leads to remote code execution (RCE)...
1 day ago
Timeline
- Vulnerability started trending
- Used in Ransomware
- First article discovered by wiz.io
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved