

Ethical Hacking News

A Critical Aviatrix Controller Vulnerability: The Silent Threat to Cloud Security




A recent discovery by Jakub Korepta has revealed a critical vulnerability in the Aviatrix Controller cloud networking platform, posing an extremely high risk to cloud enterprise environments. Learn more about this critical flaw, its implications on cloud security, and how users can mitigate potential risks.

  • A critical vulnerability in the Aviatrix Controller cloud networking platform has been discovered (CVE-2024-50603), posing a high risk to cloud enterprise environments.
  • The bug allows for unauthenticated remote code execution and can be exploited by an attacker to inject malicious operating system commands, potentially leading to unauthorized access and privilege escalation.
  • Around 3% of cloud enterprise environments have Aviatrix Controller deployed, with approximately 65% demonstrating lateral movement paths to administrative cloud control plane permissions.
  • Patches are available in versions 7.1.4191 and 7.2.4996, but users must apply them as soon as possible to prevent further exploitation.
  • Real-world attacks exploiting the vulnerability have been observed, with attackers using backdoors and command-and-control frameworks to deploy malicious code.



    A recent discovery by Jakub Korepta, a security researcher at Polish cybersecurity company Securing, has highlighted a critical vulnerability in the Aviatrix Controller cloud networking platform. The bug, known as CVE-2024-50603 (CVSS score: 10.0), poses an extremely high risk to cloud enterprise environments, allowing for unauthenticated remote code execution. In this article, we will delve into the details of this vulnerability and explore its implications on cloud security.

    The Aviatrix Controller is a popular choice among cloud service providers due to its ease of use and scalability features. However, the recent discovery of CVE-2024-50603 has brought to light a critical flaw in the platform's API endpoints, which do not adequately sanitize user-supplied input. This vulnerability can be exploited by an attacker to inject malicious operating system commands, potentially leading to unauthorized access and privilege escalation within the cloud environment.

    Wiz, a reputable cloud security firm, has been actively monitoring the situation and reports that around 3% of cloud enterprise environments have Aviatrix Controller deployed. Of these environments, approximately 65% demonstrate a lateral movement path to administrative cloud control plane permissions. This means that if an attacker gains initial access to an instance, they can easily pivot to exfiltrate data from other resources within the cloud environment.

    The vulnerability has been addressed in versions 7.1.4191 and 7.2.4996, but it is essential for users to apply these patches as soon as possible to prevent further exploitation. In addition to patching the underlying issue, Wiz recommends restricting public access to Aviatrix Controller to mitigate potential risks.
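The two mitigations above (upgrade to a fixed build, close public access) can be turned into a quick triage over a controller inventory. The following is an added example, not code from Aviatrix, Wiz or the original article; the inventory format, the controller names and the treatment of release trains other than 7.1 and 7.2 are assumptions.

```python
import ipaddress
import re

# Fixed builds named in the article, keyed by (major, minor) release train.
FIXED = {(7, 1): 4191, (7, 2): 4996}

def patch_status(version):
    """Classify a controller version string such as '7.1.4105'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unknown"
    major, minor, build = map(int, m.groups())
    train = (major, minor)
    if train in FIXED:
        return "patched" if build >= FIXED[train] else "vulnerable"
    # Assumption: trains older than 7.1 have no fixed build and must upgrade;
    # trains newer than 7.2 are not covered by the article, so check by hand.
    return "vulnerable" if train < min(FIXED) else "unknown"

def open_to_internet(ingress_cidrs):
    """True if any ingress rule admits every address (0.0.0.0/0 or ::/0)."""
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0
               for c in ingress_cidrs)

def triage(inventory):
    """Return (name, status, exposed) rows, most urgent first."""
    def urgency(row):
        _, status, exposed = row
        if status == "vulnerable":
            return 0 if exposed else 1
        return 2 if (exposed or status == "unknown") else 3
    rows = [(c["name"], patch_status(c["version"]), open_to_internet(c["ingress"]))
            for c in inventory]
    return sorted(rows, key=urgency)

# Constructed inventory: names, versions and ingress rules are made up.
SAMPLE = [
    {"name": "ctrl-dev", "version": "7.2.4996", "ingress": ["10.20.0.0/16"]},
    {"name": "ctrl-prod", "version": "7.1.4105", "ingress": ["0.0.0.0/0"]},
    {"name": "ctrl-lab", "version": "7.2.4820", "ingress": ["192.0.2.10/32"]},
    {"name": "ctrl-edge", "version": "7.1.4191", "ingress": ["::/0"]},
]

if __name__ == "__main__":
    for name, status, exposed in triage(SAMPLE):
        print(f"{name:10} {status:10} internet-exposed={exposed}")
```

A patched controller that is still open to the whole Internet (ctrl-edge in the sample) is ranked ahead of one that is patched and restricted, since the access restriction is recommended in addition to patching.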

    Real-world attacks exploiting CVE-2024-50603 have been observed in the wild, with attackers leveraging initial access to deploy backdoors and cryptocurrency miners using XMRig and the Sliver command-and-control (C2) framework. The latter likely serves as a means for persistence and follow-on exploitation within the cloud environment.

    The potential impact of this vulnerability cannot be overstated, particularly when considering the increasing reliance on cloud infrastructure in modern computing environments. As cloud service providers continue to invest heavily in scalability and flexibility, it is essential that security measures remain robust to prevent unauthorized access and data breaches.

    In conclusion, the CVE-2024-50603 vulnerability highlights a critical flaw in Aviatrix Controller's API endpoints, which poses an extremely high risk to cloud enterprise environments. Users are strongly advised to apply patches as soon as possible, restrict public access to Aviatrix Controller, and remain vigilant for potential exploitation attempts.



    Related Information:

  • https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html

  • https://nvd.nist.gov/vuln/detail/CVE-2024-50603

  • https://www.cvedetails.com/cve/CVE-2024-50603/


  • Published: Mon Jan 13 10:34:05 2025 by llama3.2 3B Q4_K_M













         

