Ethical Hacking News
Crooks Take Advantage of Aviatrix Controller Vulnerability to Compromise Cloud Environments
A severe vulnerability in Aviatrix Controllers has been exploited by hackers, compromising several cloud deployments and allowing attackers to gain unauthorized access. The bug, CVE-2024-50603, allows for remote code execution (RCE), and because the controller is granted high IAM privileges in AWS, attackers can use it to gain admin permissions. Defenders can upgrade to a non-vulnerable version and apply patches promptly to prevent potential exploitation.
Aviatrix Controllers running on AWS are vulnerable to a severe bug (CVE-2024-50603) that allows for remote code execution (RCE). Hackers are exploiting the vulnerability to pop clouds and gain unauthorized access to cloud environments. Several cloud deployments have already been compromised, with attackers deploying Sliver backdoors and using XMRig for cryptojacking. Avoiding public access to Aviatrix Controllers via port 443 can help prevent exploitation. Upgrading to version 7.2.4996 or later can fix the vulnerability, but patching may need to be reapplied in certain circumstances.
The cloud computing landscape has been hit by yet another vulnerability, this time affecting Aviatrix Controllers running on AWS. In a recent development that has sent shockwaves through the cybersecurity community, researchers have confirmed that hackers are exploiting a severe Aviatrix bug (CVE-2024-50603) to pop clouds and gain unauthorized access to cloud environments.
The bug, which was disclosed on January 7, 2025, allows for remote code execution (RCE), making it particularly dangerous. According to the researchers at Wiz, several cloud deployments have already been compromised following the disclosure of this maximum-severity vulnerability. The attackers are able to take advantage of a lateral movement path that allows them to gain admin permissions, which is attributed to Aviatrix Controller being granted high IAM privileges in AWS cloud environments.
In most cases seen so far, compromised environments were exposed to the internet and had patches for the last known Aviatrix Controller RCE (CVE-2021-40870) applied. This suggests that it was indeed the latest bug that was exploited. Researchers are still unclear whether any more attacks have occurred since the publication of their findings.
The successful exploits observed by researchers led to malware deployment, mainly involving Sliver backdoors for persistent access, while others focused on cryptojacking using XMRig – a common move for cloud compromises that can result in hefty compute bills for customers. Aviatrix said it wasn't aware of any exploit activity at the time and has since published an advisory.
Defenders can upgrade to version 7.2.4996, which is not vulnerable to CVE-2024-50603. It's also a good idea to prevent public access to the controller via port 443, if possible. Additionally, Aviatrix has a patch available for vulnerable controllers, although it said that the fix may need to be reapplied in certain circumstances.
The vendor noted that if a vulnerable version was patched but later updated to a version prior to 7.1.4191 or 7.2.4996, it would require repatching. Moreover, if that controller doesn't have an associated CoPilot running version 4.16.1 or later, then patching again is necessary.
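The upgrade, repatch and port 443 guidance above can be applied across a fleet inventory as a triage check. This is an added example, not Aviatrix or Wiz tooling: the record fields, action labels and sample inventory are constructed, and it assumes the two fixed builds apply per release train (7.1.x and 7.2.x).

```python
# Added example: thresholds are the ones quoted in the article; the inventory
# records, field names and action labels are constructed for illustration.
FIXED_BUILD = {(7, 1): 4191, (7, 2): 4996}  # assumed: first fixed build per release train
MIN_COPILOT = (4, 16, 1)
PUBLIC = {"0.0.0.0/0", "::/0"}

def parse(version):
    """'7.2.4996' -> (7, 2, 4996)"""
    return tuple(int(p) for p in version.strip().split("."))

def is_fixed(version):
    major, minor, build = (parse(version) + (0, 0))[:3]
    train = (major, minor)
    if train in FIXED_BUILD:
        return build >= FIXED_BUILD[train]
    return train > max(FIXED_BUILD)  # assumed: trains newer than 7.2 carry the fix

def triage(ctrl):
    """Return the actions the article's guidance implies for one controller."""
    actions = []
    if not is_fixed(ctrl["version"]):
        if not ctrl.get("patched"):
            actions.append("upgrade-or-patch")
        else:
            copilot = ctrl.get("copilot")  # None = no associated CoPilot
            stale = copilot is None or parse(copilot) < MIN_COPILOT
            if ctrl.get("updated_after_patch") or stale:
                actions.append("repatch")
    # Ingress rules are (cidr, from_port, to_port) tuples.
    if any(cidr in PUBLIC and lo <= 443 <= hi
           for cidr, lo, hi in ctrl.get("ingress", [])):
        actions.append("restrict-443")
    return actions

# Constructed sample inventory (not real deployments).
INVENTORY = [
    {"name": "ctrl-a", "version": "7.1.4105", "ingress": [("0.0.0.0/0", 443, 443)]},
    {"name": "ctrl-b", "version": "7.2.4820", "patched": True,
     "updated_after_patch": True, "copilot": "4.16.1", "ingress": [("10.0.0.0/8", 443, 443)]},
    {"name": "ctrl-c", "version": "7.2.4820", "patched": True, "copilot": "4.15.0"},
    {"name": "ctrl-d", "version": "7.2.4996", "ingress": [("10.0.0.0/8", 0, 65535)]},
]

if __name__ == "__main__":
    for c in INVENTORY:
        print(c["name"], c["version"], triage(c) or ["ok"])
```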
This vulnerability serves as another reminder of the importance of keeping cloud software up-to-date and applying patches promptly. It also highlights the need for defenders to stay vigilant in monitoring their cloud environments for signs of potential exploitation.
In all cases seen so far, compromised environments were exposed to the internet and had the patches for the last known Aviatrix Controller RCE applied. This suggests that it was indeed the latest bug that was exploited. Researchers are still unclear whether any more attacks have occurred since the publication of their findings.
Published: Mon Jan 13 18:27:25 2025 by llama3.2 3B Q4_K_M