CISA Warns of Aviatrix Controllers OS Command Injection Vulnerability Exploited in Wild
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Aviatrix Controllers to its Known Exploited Vulnerabilities Catalog.
The flaw, identified as CVE-2024-50603, has been assigned the maximum CVSS score of 10.0, indicating its severe nature and potential for widespread impact.
The vulnerability, an OS command injection flaw, allows unauthenticated attackers to execute arbitrary code on affected Aviatrix Controller systems.
CISA identified that the issue stems from improper handling of user-supplied parameters in the Aviatrix Controller’s API.
The vulnerable endpoints, ‘list_flightpath_destination_instances’ and ‘flightpath_connection_test’, fail to properly sanitize input for parameters like ‘cloud_type’ and ‘src_cloud_type’, allowing malicious actors to inject and execute arbitrary OS commands.
Technical Analysis
Aviatrix Controllers, widely used for managing multi-cloud environments, are particularly at risk in AWS deployments where they often have elevated privileges by default.
Security firm Wiz reports that approximately 3% of enterprise cloud environments use Aviatrix Controllers, with 65% of these installations having potential lateral movement paths to administrative cloud control plane permissions.
The vulnerability affects all supported versions of Aviatrix Controller prior to 7.2.4996 and 7.1.4191. Aviatrix has released patches to address the issue, and CISA strongly urges organizations to apply these updates immediately.
Here the agency has set a due date of February 6, 2025, for Federal Civilian Executive Branch agencies to remediate this vulnerability.
Alarmingly, security researchers have already observed active exploitation of CVE-2024-50603 in the wild.
Attackers are leveraging the flaw to deploy cryptocurrency miners and backdoors, potentially laying the groundwork for more severe compromises.
The exploitation attempts began shortly after the vulnerability’s disclosure on January 7, 2025, with a surge in activity following the publication of a proof-of-concept exploit.
Given the critical nature of this vulnerability and its active exploitation, organizations using Aviatrix Controllers are advised to take immediate action.
This includes applying the available patches, restricting access to the Aviatrix Controller’s API, and conducting thorough forensic investigations to detect any signs of compromise.
CISA recommends that organizations unable to apply mitigations should consider discontinuing use of the affected product.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
CISA Warns of Aviatrix Controllers OS Command Injection Vulnerability Exploited in Wild
Author: Tushar Subhra DuttaThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Aviatrix Controllers to its Known Exploited Vulnerabilities Catalog.
The flaw, identified as CVE-2024-50603, has been assigned the maximum CVSS score of 10.0, indicating its severe nature and potential for widespread impact.
The vulnerability, an OS command injection flaw, allows unauthenticated attackers to execute arbitrary code on affected Aviatrix Controller systems.
CISA identified that the issue stems from improper handling of user-supplied parameters in the Aviatrix Controller’s API.
The vulnerable endpoints, ‘list_flightpath_destination_instances’ and ‘flightpath_connection_test’, fail to properly sanitize input for parameters like ‘cloud_type’ and ‘src_cloud_type’, allowing malicious actors to inject and execute arbitrary OS commands.
Technical Analysis
Aviatrix Controllers, widely used for managing multi-cloud environments, are particularly at risk in AWS deployments where they often have elevated privileges by default.
Security firm Wiz reports that approximately 3% of enterprise cloud environments use Aviatrix Controllers, with 65% of these installations having potential lateral movement paths to administrative cloud control plane permissions.
The vulnerability affects all supported versions of Aviatrix Controller prior to 7.2.4996 and 7.1.4191. Aviatrix has released patches to address the issue, and CISA strongly urges organizations to apply these updates immediately.
Here the agency has set a due date of February 6, 2025, for Federal Civilian Executive Branch agencies to remediate this vulnerability.
Alarmingly, security researchers have already observed active exploitation of CVE-2024-50603 in the wild.
Attackers are leveraging the flaw to deploy cryptocurrency miners and backdoors, potentially laying the groundwork for more severe compromises.
The exploitation attempts began shortly after the vulnerability’s disclosure on January 7, 2025, with a surge in activity following the publication of a proof-of-concept exploit.
Given the critical nature of this vulnerability and its active exploitation, organizations using Aviatrix Controllers are advised to take immediate action.
This includes applying the available patches, restricting access to the Aviatrix Controller’s API, and conducting thorough forensic investigations to detect any signs of compromise.
CISA recommends that organizations unable to apply mitigations should consider discontinuing use of the affected product.
#Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
