FlagThis

A critical remote code execution (RCE) vulnerability, identified as CVE-2024-50603, has been discovered in the Aviatrix Network Controller. This flaw has a maximum severity score of 10.0 and stems from improper handling of user-supplied parameters within the controller's API. According to Wiz Research, the vulnerability allows unauthenticated remote attackers to inject malicious commands, potentially leading to complete system compromise, data theft, and network breaches. This could also lead to administrative cloud control plane permissions in 65% of cloud environments, allowing attackers access to sensitive cloud resources.

Exploitation of CVE-2024-50603 has already been observed in the wild, with attackers deploying cryptocurrency miners (XMRig) and backdoors (Sliver) on compromised systems. While there's no direct evidence of cloud lateral movement, researchers believe threat actors are leveraging the vulnerability to enumerate cloud permissions and potentially exfiltrate data. Aviatrix has released patches (versions 7.1.4191 and 7.2.4996) and organizations using the Aviatrix Controller are urged to update immediately and restrict public access to the controller to mitigate the risk.

ImgSrc: blogger.googleu

References :

• securityonline.info: Aviatrix Controller RCE CVE-2024-50603 Exploited in the Wild: Cryptojacking and Backdoors Deployed
• www.cysecurity.news: Critical Command Injection Vulnerability Found in Aviatrix Network Controller (CVE-2024-50603)
• Wiz Blog | RSS feed: Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)
• ciso2ciso.com: Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners – Source:thehackernews.com
• securityaffairs.com: Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners
• www.bleepingcomputer.com: Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners.
• The Hacker News: Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
• ciso2ciso.com: Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners – Source: securityaffairs.com
• osint10x.com: Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners
• BleepingComputer: Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners.
• ciso2ciso.com: Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners – Source: securityaffairs.com
• ciso2ciso.com: U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com
• gbhackers.com: CISA Warns of Aviatrix Controllers OS Command Injection Vulnerability Exploited in Wild /vulnerability
• Security Affairs: CISA added the vulnerability to its known exploited vulnerabilities catalog.
• ciso2ciso.com: U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com

Classification:

• HashTags: #Aviatrix #RCE #Vulnerability
• Company: Aviatrix
• Target: Aviatrix Users
• Product: Controller
• Feature: Command Injection
• Type: Vulnerability
• Severity: Disaster