Aviatrix Controller Cloud Flaw Exploited in Wild, Backdoors Deployed

A critical security flaw in the Aviatrix Controller cloud networking platform has come under active exploitation in the wild, with attackers deploying backdoors and cryptocurrency miners on compromised instances. The vulnerability, tracked as CVE-2024-50603, carries a CVSS score of 10.0, the maximum severity rating.

The flaw is an operating system command injection: certain Aviatrix Controller API endpoints fail to sanitize user-supplied parameters before passing them to the underlying OS, allowing a remote, unauthenticated attacker to execute arbitrary commands on the controller. According to Wiz, around 3% of cloud enterprise environments have Aviatrix Controller deployed, and in 65% of those environments the controller's virtual machine has a lateral movement path to administrative cloud permissions, because the controller is typically granted high-privilege IAM roles. That combination makes exploitation a high-impact risk rather than a single-host compromise.
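The following is an added illustration of the command injection pattern described above, not code from Aviatrix or from the advisory. It is a constructed API handler that splices a caller-controlled value into a shell command, shown next to a hardened version. The parameter name `cloud_type`, the allowlist, and the use of `echo` as a stand-in for whatever tool the real endpoint invoked are all assumptions for the example; the mechanics of the injection and of the fix are what matter.

```python
"""
Constructed example (not Aviatrix code): OS command injection through an
unsanitized API parameter, beside a hardened handler for the same task.
"""
import re
import subprocess

# Constructed allowlist; the real parameter name and values are assumptions.
ALLOWED_CLOUD_TYPES = {"aws", "azure", "gcp", "oci"}
SAFE_TOKEN = re.compile(r"^[a-z0-9_-]{1,32}$")


def vulnerable_handler(cloud_type: str) -> str:
    """The unsanitized value is spliced into a shell command string.

    shell=True hands the whole string to /bin/sh, so ';', '|', '&&' and
    '$(...)' in the parameter become shell syntax, not data. `echo` stands
    in for the diagnostic tool a real endpoint would call.
    """
    cmd = f"echo probing gateway for {cloud_type}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def argv_only_handler(cloud_type: str) -> str:
    """Argv passing alone (no allowlist) already defeats shell injection.

    Without shell=True the value is one argv element; the child process
    receives the attacker's payload as literal text and never executes it.
    """
    result = subprocess.run(
        ["echo", "probing", "gateway", "for", cloud_type],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


def hardened_handler(cloud_type: str) -> str:
    """Same operation with two independent defenses.

    1. Validate the value against an allowlist and a strict character class
       before it is used anywhere (reject, do not "clean").
    2. Never hand the value to a shell: pass it as a single argv element.
    """
    if cloud_type not in ALLOWED_CLOUD_TYPES or not SAFE_TOKEN.match(cloud_type):
        raise ValueError(f"rejected cloud_type: {cloud_type!r}")
    return argv_only_handler(cloud_type)


# Constructed attacker input: a legitimate-looking value followed by a
# second shell command. `echo INJECTED` stands in for a miner or C2 dropper.
PAYLOAD = "aws; echo INJECTED"

if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_handler(PAYLOAD)))   # second command ran
    print("argv only :", repr(argv_only_handler(PAYLOAD)))    # payload is literal text
    try:
        hardened_handler(PAYLOAD)
    except ValueError as exc:
        print("hardened  :", exc)                              # rejected up front
```

Running the script shows the vulnerable handler emitting a second output line produced by the injected command, while the argv-only handler prints the payload verbatim and the hardened handler rejects it before any process is spawned. The allowlist check is kept even though argv passing is sufficient against shell injection, because the downstream tool may itself interpret the value (for example as a flag beginning with `-`).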

Attackers are leveraging the vulnerability to drop the XMRig cryptocurrency miner and to deploy the Sliver command-and-control framework for persistent access to compromised controllers. Wiz has not yet directly observed cloud lateral movement, but its researchers believe it is likely that threat actors are using the foothold to enumerate cloud permissions and attempt data exfiltration.

In light of this, users are advised to apply the fixes as soon as possible (the patched releases are 7.1.4191 and 7.2.4996) and to restrict network access to Aviatrix Controller so that it is not reachable from the public internet. Aviatrix has issued a hot patch for a number of software versions, but warns customers on older, unsupported versions that they must move to a current release or remain exposed to exploitation.

The company has taken proactive measures to protect customers, including targeted outreach campaigns and configuration hardening. Permanent fixes have been released for the currently supported software trains, and a significant portion of customers were patched before public disclosure. Aviatrix continues to work with affected customers to restore their software to a clean state.

Source: https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html