🔴 CVE-2024-50603

Critical unauthenticated OS command injection vulnerability in Aviatrix Controller allowing remote code execution via API endpoints. The vulnerability is actively exploited in the wild and listed in CISA KEV. Aviatrix Controllers are typically deployed as internet-facing cloud management platforms.

Risk Level: HIGH_RISK
CVSS Score: 10.0
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 - Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-01-08

Added to CISA KEV: 2025-01-16 (8 days between CVE publication and KEV listing)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2024-50603 is a critical security vulnerability affecting the Aviatrix Controller, a cloud networking platform. Below is a summary of the known details regarding this issue:

Overview and Impact
  • Vulnerability Type: OS Command Injection [3].
  • CVSS Score: 10.0 (Critical) [4].
  • Impact: Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the affected Aviatrix Controller [1].
Exploitation and Threat Activity
  • Active Exploitation: The vulnerability has been exploited in the wild, with reports of activity appearing as early as January 7, 2025 [2]. It is included in the CISA Known Exploited Vulnerabilities (KEV) catalog [3].
  • Threat Actor Usage: While specific threat actors have not been publicly named, malicious hosts have been observed attempting to exploit the vulnerability [4].
  • Campaigns: There have been reports linking the exploitation of this vulnerability to cryptomining campaigns [5].
Attack Method and Requirements
  • Exploitation Requirements: The attack is performed remotely over the network and does not require authentication or user interaction [1].
  • Technical Details: The vulnerability arises from the improper neutralization of special elements in OS commands. Attackers can send shell metacharacters to the `/v1/api` endpoint, specifically targeting parameters such as `cloud_type` (in `list_flightpath_destination_instances`) or `src_cloud_type` (in `flightpath_connection_test`) [1].
  • PoC Availability: Proof-of-concept (PoC) exploit code is publicly available, including templates for the Nuclei vulnerability scanner [2] [6].
Affected Versions and Mitigation
  • Affected Versions:
    * Aviatrix Controller versions prior to 7.1.4191 [3].
    * Aviatrix Controller 7.2.x versions prior to 7.2.4996 [3].
  • Status: Users are advised to update to the patched versions immediately to mitigate the risk of remote code execution [1].
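An added triage helper (example code written for this page, not Aviatrix's own tooling) that applies the affected-version ranges above to an inventory of controller version strings. The sample inventory and the `UserConnect-` prefix form are constructed/assumed, and treating branches newer than 7.2 as fixed is an assumption drawn from the ranges as the page states them.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Fixed builds as stated on this page: every release below 7.1.4191 is affected,
# and on the 7.2 branch every release below 7.2.4996 is affected.
FIXED_7_1: Version = (7, 1, 4191)
FIXED_7_2: Version = (7, 2, 4996)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.build from a controller version string such as
    'UserConnect-7.2.4820' (prefix format assumed); ValueError if absent."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, build = (int(part) for part in match.groups())
    return (major, minor, build)


def is_affected(version: str) -> bool:
    """True when the version is inside an affected range for CVE-2024-50603.
    Assumption: branches newer than 7.2 are not listed here and are treated as fixed."""
    v = parse_version(version)
    if v[:2] == (7, 2):      # 7.2.x has its own fix build
        return v < FIXED_7_2
    if v[:2] > (7, 2):       # 7.3+/8.x: assumed fixed (see docstring)
        return False
    return v < FIXED_7_1     # 7.1.x and every older release


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the (sorted) controller names whose version is still affected.
    Unparseable versions are reported too: unknown means unpatched until verified."""
    flagged = []
    for name, version in inventory.items():
        try:
            if is_affected(version):
                flagged.append(name)
        except ValueError:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"ctrl-prod": "UserConnect-7.1.4190", "ctrl-dev": "7.2.4996", "ctrl-lab": "n/a"}
    print(triage(sample))  # ['ctrl-lab', 'ctrl-prod']
```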

Sources

  1. CVE-2024-50603 - Vulnerability Details - OpenCVE
     https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true#remote-code-execution-vulnerability-in-aviatrix-controllers
     https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50603
     https://www.securing.pl/en/cve-2024-50…

  2. January 17 Advisory: Aviatrix Controller Vulnerability... | Censys
     Date of Disclosure (source): January 7, 2025. Date Reported as Actively Exploited (source): January 7, 2025. CVE-2024-50603 is a critical vulnerability affecting all supported versions of Aviatrix Controller prior to 7.1.4191 and 7.2.x before 7.2.4996 with a CVSS score of 10.0. A technical writeup pu…

  3. CVE-2024-50603 Detail - NVD
     An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS ...

  4. Aviatrix Controller Vulnerability Exploited in the Wild [CVE-2024 ...
     CVE-2024-50603 is a critical vulnerability affecting all supported versions of Aviatrix Controller prior to 7.1.4191 and 7.2.x before 7.2.4996 with a CVSS score ...

  5. CVE-2024-50603 impacts Aviatrix with Cryptomining
     CVE-2024-50603 is a critical security vulnerability identified in the Aviatrix Controller, a cloud networking platform used to manage and secure cloud infrastructure across multiple providers. The impact of CVE-2024-50603 and the associated cryptomining exploitation is severe, including: …

  6. CVE-2024-50603.yaml - nuclei-templates - GitHub
     An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS ...