

Ethical Hacking News

Aviatrix Controller Flaw Exploited to Deploy Backdoors and Cryptocurrency Miners: A Growing Concern for Cloud Security


Threat actors are exploiting a critical vulnerability in Aviatrix Controller, a cloud-based networking solution, to deploy backdoors and cryptocurrency miners. The vulnerability has a CVSS score of 10.0 and allows unauthenticated attackers to execute arbitrary code via improper command neutralization in the API.

  • Aviatrix Controller has a critical vulnerability (CVE-2024-50603) with a CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times.
  • The vulnerability allows unauthenticated attackers to execute arbitrary code via improper command neutralization in the API.
  • Threat actors are actively exploiting this flaw to deploy backdoors and cryptocurrency miners, including XMRig and Sliver.
  • The attackers use the vulnerability to enumerate cloud permissions for potential data exfiltration.
  • The risk of exploitation is high, especially in cloud environments where Aviatrix Controller is deployed.
  • Organizations that have not patched their Aviatrix Controllers urgently need to take action to protect themselves from exploitation.



    Threat actors have been exploiting a critical vulnerability in Aviatrix Controller, a cloud-based networking solution, to deploy backdoors and cryptocurrency miners. The vulnerability, tracked as CVE-2024-50603, has a CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times.

    The Aviatrix Controller flaw allows unauthenticated attackers to execute arbitrary code via improper command neutralization in the API. This means that even without authentication, an attacker can send malicious commands to the Aviatrix Controller and gain control over the system. The vulnerability is caused by the improper neutralization of user-supplied input, which allows an attacker to inject malicious code into the system.
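The bug class described above, as an added example that is not Aviatrix's code or part of the original article: a handler that concatenates a request parameter into a shell string, beside three ways to neutralize it. The `target` parameter, the allowlist and the `echo` command are hypothetical stand-ins, and the hostile input is a constructed, benign value.

```python
import shlex
import subprocess

# Hypothetical allowlist for a hypothetical API parameter named "target".
ALLOWED_TARGETS = {"alpha", "beta"}

def _run(cmd, shell):
    # Return stdout only; the constructed demo commands just call `echo`.
    return subprocess.run(cmd, shell=shell, capture_output=True, text=True).stdout

def check_unsafe(target: str) -> str:
    """Vulnerable pattern: request input concatenated into a shell string."""
    return _run("echo checking " + target, shell=True)

def check_quoted(target: str) -> str:
    """If a shell is unavoidable, quote the value so it stays one word."""
    return _run("echo checking " + shlex.quote(target), shell=True)

def check_argv(target: str) -> str:
    """Preferred: no shell at all; the value is a single argv element."""
    return _run(["echo", "checking", target], shell=False)

def check_strict(target: str) -> str:
    """Allowlist first, then argv: unexpected values never reach exec."""
    if target not in ALLOWED_TARGETS:
        raise ValueError(f"rejected target: {target!r}")
    return check_argv(target)

if __name__ == "__main__":
    hostile = "alpha; echo INJECTED"  # constructed, benign test input
    for fn in (check_unsafe, check_quoted, check_argv):
        print(fn.__name__, repr(fn(hostile)))
    try:
        check_strict(hostile)
    except ValueError as exc:
        print("check_strict", exc)
```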

    The Wiz Incident Response team has reported that threat actors are actively exploiting this flaw in the wild, deploying backdoors and cryptocurrency miners. The attackers use the vulnerability to gain access to the Aviatrix Controller and then use it to deploy malware, including XMRig, cryptocurrency mining software, and Sliver, a backdoor.

    The Wiz team has also found that the threat actors are using the vulnerability to enumerate cloud permissions for potential data exfiltration. This means that the attackers are trying to gather information about the cloud environment and then use it to steal sensitive data.

    Aviatrix's PSIRT (Product Security Incident Response Team) has confirmed that the vulnerability is being actively exploited by threat actors. The team has advised organizations to patch urgently and has provided proof-of-concept exploit code for the vulnerability.

    The risk of exploitation is high, especially in cloud environments where the Aviatrix Controller is deployed. A study by Wiz found that 3% of cloud enterprise environments have Aviatrix Controller deployed, but 65% of these environments have a lateral movement path to administrative cloud control plane permissions. This means that even if an organization has patched its Aviatrix Controllers, it may still be vulnerable to exploitation through other means.

    The attack vector used by the threat actors is also concerning. The attackers are using legitimate APIs and command-line interfaces to deploy malware and gain access to the system. This makes it difficult for organizations to detect and respond to the attacks, as the malicious activity appears to be coming from a legitimate source.

    In addition to the Aviatrix Controller flaw, the Wiz team has also found that threat actors are targeting other cloud services, including those provided by AWS and Google Cloud. The attackers are using various exploit codes and vulnerabilities to gain access to these services and deploy malware.

    The impact of this vulnerability cannot be overstated. If left unpatched, it can lead to significant security breaches and data exfiltration. Organizations that have not patched their Aviatrix Controllers urgently need to take action to protect themselves from exploitation.

    In conclusion, the exploitation of the Aviatrix Controller flaw by threat actors is a growing concern for cloud security. The vulnerability allows attackers to deploy backdoors and cryptocurrency miners, making it difficult for organizations to detect and respond to the attacks. It is essential for organizations to patch their Aviatrix Controllers urgently and take steps to protect themselves from exploitation.



    Published: Tue Jan 14 07:57:14 2025 by llama3.2 3B Q4_K_M