A critical code execution vulnerability in the Aviatrix Controller has been exploited in the wild, allowing threat actors to mine cryptocurrency and deploy backdoors. The vulnerability, tracked as CVE-2024-50603, affects Aviatrix Controller versions before 7.1.4191 and 7.2.x versions before 7.2.4996.
According to Wiz Research, around 3% of cloud enterprise environments have Aviatrix Controller deployed, but 65% of these environments have a lateral movement path to administrative cloud control plane permissions. This makes Aviatrix Controller a prime target for threat actors aiming to move laterally and escalate their privileges in the cloud environment.
The vulnerability stems from improper neutralization of user-supplied input, allowing unauthenticated attackers to execute arbitrary commands on the system remotely. A simple proof-of-concept exploit has been published, and Wiz customers can use pre-built queries and advisories to search for publicly exposed as well as vulnerable instances of Aviatrix Controller in their environment.
Security teams are advised to patch vulnerable instances, reduce attack surface, and proactively hunt for evidence of compromise. This includes reviewing threat pages, searching for malware findings, analyzing network logs, and integrating control, security, and network logs with Wiz for effective threat hunting.
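To decide which instances need patching, the two affected ranges have to be checked per release train, because a single "older than X" comparison either misses unpatched 7.2.x builds or flags patched 7.1 builds. The following triage script is an added example, not code from Wiz or Aviatrix; the inventory, host names and the assumption that versions appear as a dotted major.minor.build triple are constructed for illustration.

```python
import re

# Fixed releases as stated in the text above.
FIXED_7_1 = (7, 1, 4191)
FIXED_7_2 = (7, 2, 4996)

# Assumption: the version is a dotted triple; any surrounding text is ignored.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, build), or None if no dotted triple is present."""
    match = _VERSION_RE.search(text or "")
    return tuple(int(part) for part in match.groups()) if match else None


def classify(version_text):
    """Classify one version string against the CVE-2024-50603 ranges."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # undecidable: needs manual review, not a pass
    if version[:2] == (7, 2):
        # The 7.2.x train has its own fixed build.
        return "vulnerable" if version < FIXED_7_2 else "patched"
    # All other trains are compared against the 7.1 fixed build.
    return "vulnerable" if version < FIXED_7_1 else "patched"


def triage(inventory):
    """Group hosts by status so vulnerable and unknown ones surface first."""
    result = {"vulnerable": [], "unknown": [], "patched": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = [
    ("ctrl-prod-01", "7.1.4191"),  # at the 7.1 fix
    ("ctrl-prod-02", "7.2.4820"),  # above 7.1.4191 numerically, still unpatched
    ("ctrl-dev-01", "6.9.545"),    # older train
    ("ctrl-dr-01", "7.2.4996"),    # at the 7.2 fix
    ("ctrl-lab-01", "n/a"),        # version not collected
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the "unknown" group should be treated as unverified until their version is confirmed.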
Source: https://www.wiz.io/blog/wiz-research-identifies-exploitation-in-the-wild-of-aviatrix-cve-2024-50603