FlagThis

A critical remote code execution (RCE) vulnerability, identified as CVE-2024-50603, has been discovered in the Aviatrix Network Controller. This flaw has a maximum severity score of 10.0 and stems from improper handling of user-supplied parameters within the controller's API. According to Wiz Research, the vulnerability allows unauthenticated remote attackers to inject malicious commands, potentially leading to complete system compromise, data theft, and network breaches. This could also lead to administrative cloud control plane permissions in 65% of cloud environments, allowing attackers access to sensitive cloud resources.

Exploitation of CVE-2024-50603 has already been observed in the wild, with attackers deploying cryptocurrency miners (XMRig) and backdoors (Sliver) on compromised systems. While there's no direct evidence of cloud lateral movement, researchers believe threat actors are leveraging the vulnerability to enumerate cloud permissions and potentially exfiltrate data. Aviatrix has released patches (versions 7.1.4191 and 7.2.4996) and organizations using the Aviatrix Controller are urged to update immediately and restrict public access to the controller to mitigate the risk.

ImgSrc: blogger.googleusercontent.com

References:

• securityonline.info - Aviatrix Controller RCE CVE-2024-50603 Exploited in the Wild: Cryptojacking and Backdoors Deployed - 1d
• CySecurity News - Latest Information Security and Hacking Incidents - Critical Command Injection Vulnerability Found in Aviatrix Network Controller (CVE-2024-50603) - 1d
• Wiz Blog | RSS feed - Wiz Research Identifies Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603) - 1d
• ciso2ciso.com - Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners – Source:thehackernews.com - 23h

Classification:

• HashTags: Aviatrix RCE Vulnerability
• Company: Aviatrix
• Target: Aviatrix Users
• Product: Controller
• Feature: Command Injection
• Type: Vulnerability
• Severity: Disaster